Skip to content

Conversation

@ianzone
Copy link
Contributor

@ianzone ianzone commented Nov 21, 2025

这个 PR 做了什么? (简要描述所做更改)
更新 postcss,所有子包dev依赖根目录版本

这个 PR 是什么类型? (至少选择一个)

  • 错误修复 (Bugfix) issue: fix #
  • 新功能 (Feature)
  • 代码重构 (Refactor)
  • TypeScript 类型定义修改 (Types)
  • 文档修改 (Docs)
  • 代码风格更新 (Code style update)
  • 构建优化 (Chore)
  • 其他,请描述 (Other, please describe):

这个 PR 涉及以下平台:

  • 所有平台
  • Web 端(H5)
  • 移动端(React-Native)
  • 鸿蒙(Harmony)
  • 鸿蒙容器(Harmony Hybrid)
  • ASCF 元服务
  • 快应用(QuickApp)
  • 所有小程序
  • 微信小程序
  • 企业微信小程序
  • 京东小程序
  • 百度小程序
  • 支付宝小程序
  • 支付宝 IOT 小程序
  • 钉钉小程序
  • QQ 小程序
  • 飞书小程序
  • 快手小程序
  • 头条小程序

Summary by CodeRabbit

维护

  • 更新 postcss 依赖版本至 ^8.5.6,覆盖项目中多个包配置

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Nov 21, 2025

Walkthrough

此PR更新了跨越多个package.json文件的PostCSS依赖版本,从^8.4.38升级到^8.5.6。同时对taro-cli-convertor、taro-platform-harmony-cpp、taro-rn-style-transformer及taro包中的依赖声明进行了调整。

Changes

Cohort / File(s) 变更摘要
PostCSS版本升级
examples/external-prebundle/package.jsonexamples/input-readonly-taro4/package.jsonexamples/mini-program-example/package.jsonexamples/swiper-effect/package.jsonexamples/taro-list/package.jsonpackage.jsonpackages/taro-cli/templates/default/package.json.tmpl
将PostCSS依赖从^8.4.38升级至^8.5.6
taro-cli-convertor依赖调整
packages/taro-cli-convertor/package.json
将@tarojs/taro从devDependencies移至dependencies;postcss升级至^8.5.6并同时出现在dependencies和devDependencies中
PostCSS依赖移除
packages/taro-platform-harmony-cpp/package.jsonpackages/taro-rn-style-transformer/package.jsonpackages/taro/package.json
从devDependencies中移除postcss依赖

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • 所有变更均为依赖版本更新和简单的package.json调整
  • 无功能逻辑或控制流变化
  • 变更模式高度一致且重复性强

Suggested reviewers

  • luckyadam
  • yoyo837
  • tutuxxx

Poem

🐰✨ PostCSS焕新装,版本向上跑,
依赖细调配,工具更美妙!
从8.4到8.5,升级添活力,
Taro生态健康,兔子齐欢喜!🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed 标题准确反映了 PR 的主要变更——更新 postcss 依赖版本,简洁明了且符合提交规范。
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ee3f700 and 28635d2.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (11)
  • examples/external-prebundle/package.json (1 hunks)
  • examples/input-readonly-taro4/package.json (1 hunks)
  • examples/mini-program-example/package.json (1 hunks)
  • examples/swiper-effect/package.json (1 hunks)
  • examples/taro-list/package.json (1 hunks)
  • package.json (1 hunks)
  • packages/taro-cli-convertor/package.json (1 hunks)
  • packages/taro-cli/templates/default/package.json.tmpl (2 hunks)
  • packages/taro-platform-harmony-cpp/package.json (0 hunks)
  • packages/taro-rn-style-transformer/package.json (1 hunks)
  • packages/taro/package.json (0 hunks)
💤 Files with no reviewable changes (2)
  • packages/taro-platform-harmony-cpp/package.json
  • packages/taro/package.json
🧰 Additional context used
🧠 Learnings (5)
📓 Common learnings
Learnt from: ianzone
Repo: NervJS/taro PR: 18146
File: packages/babel-plugin-transform-react-jsx-to-rn-stylesheet/package.json:12-14
Timestamp: 2025-08-08T02:32:58.265Z
Learning: 在 Taro 项目的 pnpm 工作区中,Vitest 相关依赖(vitest 和 vitest/coverage-istanbul)被管理在根目录的 package.json 中,而不是各个子包的 devDependencies 中。这是 monorepo 中依赖提升的标准做法。
Learnt from: ianzone
Repo: NervJS/taro PR: 18150
File: packages/taro-platform-harmony-hybrid/package.json:43-45
Timestamp: 2025-09-05T18:40:45.775Z
Learning: 在 tarojs/plugin-platform-harmony-hybrid 包中,tarojs/components-library-react、tarojs/components-library-solid 和 tarojs/components-library-vue3 必须作为直接依赖(dependencies)而不能作为 peer 依赖,因为插件源码中有对这些包的直接引用,包括 componentAdapter* getter 方法和 webpack 别名配置。
Learnt from: ianzone
Repo: NervJS/taro PR: 17746
File: packages/taro-runtime/tsdown.config.ts:10-16
Timestamp: 2025-05-25T18:02:31.387Z
Learning: 在 taro-runtime 包的 tsdown 配置中,必须禁用 treeshake 来保留 dom-external/index.js 文件。
📚 Learning: 2025-08-25T22:16:50.118Z
Learnt from: ianzone
Repo: NervJS/taro PR: 18150
File: packages/babel-plugin-transform-taroapi/tests/__mocks__/h5-definition.json:2356-2356
Timestamp: 2025-08-25T22:16:50.118Z
Learning: The file `packages/babel-plugin-transform-taroapi/tests/__mocks__/h5-definition.json` is auto-generated by the post-build script `packages/taro-platform-h5/scripts/post-build.mjs`, which copies content from `taro-platform-h5/dist/definition.json`. This file should not be manually edited.

Applied to files:

  • examples/taro-list/package.json
  • packages/taro-rn-style-transformer/package.json
  • packages/taro-cli/templates/default/package.json.tmpl
  • examples/input-readonly-taro4/package.json
  • packages/taro-cli-convertor/package.json
📚 Learning: 2025-08-08T02:32:58.265Z
Learnt from: ianzone
Repo: NervJS/taro PR: 18146
File: packages/babel-plugin-transform-react-jsx-to-rn-stylesheet/package.json:12-14
Timestamp: 2025-08-08T02:32:58.265Z
Learning: 在 Taro 项目的 pnpm 工作区中,Vitest 相关依赖(vitest 和 vitest/coverage-istanbul)被管理在根目录的 package.json 中,而不是各个子包的 devDependencies 中。这是 monorepo 中依赖提升的标准做法。

Applied to files:

  • packages/taro-rn-style-transformer/package.json
  • packages/taro-cli/templates/default/package.json.tmpl
  • examples/input-readonly-taro4/package.json
  • packages/taro-cli-convertor/package.json
📚 Learning: 2025-09-05T18:40:45.775Z
Learnt from: ianzone
Repo: NervJS/taro PR: 18150
File: packages/taro-platform-harmony-hybrid/package.json:43-45
Timestamp: 2025-09-05T18:40:45.775Z
Learning: 在 tarojs/plugin-platform-harmony-hybrid 包中,tarojs/components-library-react、tarojs/components-library-solid 和 tarojs/components-library-vue3 必须作为直接依赖(dependencies)而不能作为 peer 依赖,因为插件源码中有对这些包的直接引用,包括 componentAdapter* getter 方法和 webpack 别名配置。

Applied to files:

  • packages/taro-rn-style-transformer/package.json
  • packages/taro-cli-convertor/package.json
📚 Learning: 2025-05-25T18:02:31.387Z
Learnt from: ianzone
Repo: NervJS/taro PR: 17746
File: packages/taro-runtime/tsdown.config.ts:10-16
Timestamp: 2025-05-25T18:02:31.387Z
Learning: 在 taro-runtime 包的 tsdown 配置中,必须禁用 treeshake 来保留 dom-external/index.js 文件。

Applied to files:

  • packages/taro-cli-convertor/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: Build Rust Binding / stable - x86_64-unknown-linux-musl
  • GitHub Check: Build Rust Binding / stable - x86_64-pc-windows-msvc
  • GitHub Check: Build Rust Binding / stable - aarch64-apple-darwin
  • GitHub Check: Build Rust Binding / stable - x86_64-unknown-linux-gnu
  • GitHub Check: Build Rust WASM / stable - wasm32-wasi
  • GitHub Check: Build Rust Binding / stable - x86_64-apple-darwin
🔇 Additional comments (11)
examples/taro-list/package.json (1)

83-83: PostCSS 版本更新一致。

版本更新与其他文件保持一致(^8.5.6)。此更新已在 examples/swiper-effect/package.json 中请求验证。

examples/external-prebundle/package.json (1)

41-41: PostCSS 版本更新一致。

版本更新与其他文件保持一致(^8.5.6)。注意此文件中 postcss 位于 dependencies 而非 devDependencies,这对于此示例项目是合适的。

examples/mini-program-example/package.json (1)

82-82: PostCSS 版本更新一致。

版本更新与其他文件保持一致(^8.5.6)。

package.json (1)

148-148: 根目录 PostCSS 版本更新一致。

根 package.json 中的 postcss 版本更新为 ^8.5.6,与子包和示例项目保持一致。在 pnpm 工作区中,这有助于确保依赖版本的统一管理。

packages/taro-cli/templates/default/package.json.tmpl (2)

117-117: Webpack5 模板中的 PostCSS 版本更新。

更新默认项目模板中的 postcss 版本为 ^8.5.6,新创建的使用 Webpack5 编译器的项目将使用此版本。


155-155: Vite 模板中的 PostCSS 版本更新。

更新默认项目模板中的 postcss 版本为 ^8.5.6,新创建的使用 Vite 编译器的项目将使用此版本。

packages/taro-rn-style-transformer/package.json (1)

50-51: 从 devDependencies 移除 postcss 符合工作区最佳实践。

postcss 已从 devDependencies 中移除,但仍保留在 peerDependencies 中(">= 8")。在 pnpm 工作区中,postcss 将从根目录提升,这符合 monorepo 的依赖管理最佳实践。

基于学习记录。

examples/input-readonly-taro4/package.json (1)

85-85: PostCSS 版本更新一致。

版本更新与其他文件保持一致(^8.5.6)。

examples/swiper-effect/package.json (1)

74-74: 验证完成:PostCSS 8.5.6 版本有效且安全,无需进一步修改。

根据验证结果:

  • 版本可用性:PostCSS 8.5.6 在 npm 上存在且可用
  • 安全漏洞:已列出的所有安全漏洞均影响较早版本(< 8.4.31 和 < 8.2.13)
  • 升级安全性:从 8.4.38 升级到 8.5.6 是安全的次要版本升级,无已知安全风险

代码更改可以批准。

packages/taro-cli-convertor/package.json (2)

51-51: Now I need to check the repository structure to find postcss-taro-unit-transform and verify postcss dependency placement:

Based on my verification, I found evidence that requires clarification:

验证 postcss 的放置位置。

从源码中确认了 postcsspackages/taro-cli-convertor/src/index.ts 中被直接导入(第 27 行)并在 styleUnitTransform 方法中运行时使用(第 1925 行)。然而,在当前 package.json 中,postcss 仅位于 devDependencies(第 60 行),而不是 dependencies。

根据 PostCSS 插件指南,postcss 应位于 peerDependencies 中。由于 postcss-taro-unit-transform(第 51 行)是 dependencies,而 postcss 仅在 devDependencies 中,这可能导致运行时依赖问题。

需要确认:

  1. postcss-taro-unit-transform 的 package.json 中 postcss 的依赖类型
  2. monorepo 根目录 package.json 是否在 dependencies 中包含 postcss 或其他依赖管理方式

45-45: Based on the verification results, I can now provide the rewritten review comment:

@tarojs/binding 在 dependencies 中放置正确,@tarojs/taro 的放置需要调整。

根据代码分析:

  • @tarojs/binding(第7行 src/index.ts):被实际导入用于获取 CompilerType, Creator, CSSType, FrameworkType,是运行时依赖,应在 dependencies 中 ✓

  • @tarojs/taro(第62行 src/index.ts):仅通过 import type { AppConfig, TabBar } 进行类型导入,类型导入在编译时被完全擦除,运行时不存在依赖。其他出现位置(第876、882行)均为生成代码中的字符串字面量,非实际导入。

因此,@tarojs/taro 不应添加到 dependencies,应仅在需要时放在 devDependencies(如用于构建/测试)或根本不需要。


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Nov 21, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.33%. Comparing base (ee3f700) to head (28635d2).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main   #18647   +/-   ##
=======================================
  Coverage   56.33%   56.33%           
=======================================
  Files         447      447           
  Lines       23342    23342           
  Branches     5762     5768    +6     
=======================================
  Hits        13149    13149           
- Misses       8364     8371    +7     
+ Partials     1829     1822    -7     
Flag Coverage Δ
taro-cli 72.85% <ø> (ø)
taro-runtime 60.33% <ø> (ø)
taro-web 53.12% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 6 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ianzone
Copy link
Contributor Author

ianzone commented Nov 21, 2025

@yoyo837 有劳了

@yoyo837 yoyo837 added this to the 4.1.9 milestone Nov 21, 2025
@yoyo837 yoyo837 merged commit e4c4a9d into NervJS:main Nov 21, 2025
24 checks passed
@ianzone ianzone deleted the postcss branch November 21, 2025 08:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants