Skip to content

chore(deps): bump web-vitals from 4.2.4 to 5.2.0#74

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web-vitals-5.2.0
Open

chore(deps): bump web-vitals from 4.2.4 to 5.2.0#74
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web-vitals-5.2.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps web-vitals from 4.2.4 to 5.2.0.

Changelog

Sourced from web-vitals's changelog.

v5.2.0 (2026-03-25)

  • Replace filter()[0] with find() for better performance (#658)
  • Use queueMicrotask for microtask scheduling (#660)
  • Simplify the event and LoAF entry clean up logic (#662)
  • Remove obsolete FID polyfill types (#675)
  • Use LargestContentfulPaint.id as fallback when element is removed from DOM (#676)
  • Fix bug for onLCP when attached late (#697)
  • FHandle initially hidden pages and onLCP registered on visibility change (#698)
  • Ensure we clear idle callbacks in whenIdleOrHidden (#707)
  • Limit pending events to conserve memory (#710)
  • Add includeProcessedEventEntries option (#714)
  • Reduce bundle size by refactoring (#713)

v5.1.0 (2025-07-31)

  • Register visibility-change early (#637)
  • Only finalize LCP on user events (isTrusted=true) (#635)
  • Fallback to default getSelector if custom function is null or undefined (#634)

v5.0.3 (2025-06-11)

  • Remove visibilitychange event listeners when no longer required (#627)

v5.0.2 (2025-05-29)

  • Handle layout shifts with no sources (#623)

v5.0.1 (2025-05-13)

  • Fix missing FCP and LCP for prerendered pages (#621)

v5.0.0 (2025-05-07)

[!NOTE] See the upgrading to v5 guide for a complete list of all API changes in version 5.

  • [BREAKING] Remove the deprecated onFID() function (#519)
  • [BREAKING] Change browser support policy to Baseline Widely available (#525)
  • [BREAKING] Sort the classes that appear in attribution selectors to reduce cardinality (#518)
  • Extend INP attribution with extra LoAF information: longest script and buckets (#592)
  • Add support for generating custom targets in the attribution build (#585)
  • Support multiple calls to onINP() with different config options (#583)
  • Use visibility-state performance entries (#612)
  • Ensure idle callbacks don't run twice (#541) and (#548)
  • Cap nextPaintTime at processingStart (#540) and (#546)
  • Cap INP breakdowns to INP duration (#528)
  • Cap LCP load duration to LCP time (#527)
Commits
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

@dependabot dependabot bot added dependencies Pull requests that update a dependency pnpm pnpm package updates labels Apr 13, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Apr 13, 2026
edited
Loading

Deploying my-website-dev with  Cloudflare Pages  Cloudflare Pages

Latest commit: 472ce53
Status:🚫  Build failed.

View logs

@greptile-apps
Copy link
Copy Markdown

greptile-apps bot commented Apr 13, 2026
edited
Loading

Greptile Summary

This PR bumps web-vitals from 4.2.4 to 5.2.0 (a major version jump). The lockfile and package.json changes are correct, but the upgrade introduces a breaking incompatibility in src/reportWebVitals.tsx.

  • web-vitals v5.0.0 removed the deprecated onFID() (First Input Delay) function as a breaking change. The project's reportWebVitals.tsx still imports and calls onFID, which no longer exists in v5. This will cause a TypeError at runtime and likely a TypeScript compilation failure.
  • FID has been superseded by INP (Interaction to Next Paint); onFID should be replaced with onINP in src/reportWebVitals.tsx.
  • Other v5 features (INP attribution improvements, includeProcessedEventEntries option, browser-support policy change to Baseline Widely Available) are otherwise welcome improvements.

Confidence Score: 2/5

Not safe to merge as-is — the breaking API removal in web-vitals v5 will crash the reportWebVitals function at runtime and likely fail the TypeScript build.

The dependency bump is a major version upgrade containing a documented breaking change (onFID removal). The consuming file src/reportWebVitals.tsx has not been updated to reflect this, so merging will introduce a runtime TypeError and a TS compile error. A one-line fix (swap onFID for onINP) in src/reportWebVitals.tsx is all that's needed, but it must be included in this PR before it can be safely merged.

src/reportWebVitals.tsx — must remove onFID and add onINP to be compatible with web-vitals v5.

Important Files Changed

Filename Overview
package.json Bumps web-vitals in devDependencies from 4.2.4 to 5.2.0; the version change itself is clean, but the consuming code is not compatible with v5's breaking API changes.
pnpm-lock.yaml Lockfile correctly reflects the new web-vitals@5.2.0 resolution with its integrity hash; no issues here.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[reportWebVitals called] --> B{onPerfEntry provided?}
    B -- No --> Z[Return]
    B -- Yes --> C[Dynamic import 'web-vitals']
    C --> D{web-vitals v4}
    D --> E["Destructure: onCLS, onFID, onFCP, onLCP, onTTFB"]
    E --> F[Call all 5 functions ✅]
    C --> G{web-vitals v5 - this PR}
    G --> H["Destructure: onCLS, onFID=undefined, onFCP, onLCP, onTTFB"]
    H --> I["onFID(onPerfEntry) → TypeError ❌"]
    I --> J[catch: console.error - all vitals reporting silently fails]
Loading

Comments Outside Diff (1)

  1. src/reportWebVitals.tsx, line 7-12 (link)

    P0 onFID removed in web-vitals v5 — will cause a runtime crash

    web-vitals v5.0.0 removed the deprecated onFID() function as a breaking change. After this bump, onFID will no longer be exported from the package, so it will be undefined when destructured from the dynamic import. Calling undefined(onPerfEntry) will throw a TypeError at runtime, breaking all web-vitals reporting whenever reportWebVitals is invoked.

    Additionally, the TypeScript build will likely fail since onFID is no longer present in the web-vitals type definitions exported by v5.

    FID (First Input Delay) has been superseded by INP (Interaction to Next Paint); the fix is to remove onFID and replace it with onINP:

Reviews (4): Last reviewed commit: "chore(deps): bump web-vitals from 4.2.4 ..." | Re-trigger Greptile

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/web-vitals-5.2.0 branch 5 times, most recently from 72e557a to 40f2825 Compare April 13, 2026 07:03
@dependabot
chore(deps): bump web-vitals from 4.2.4 to 5.2.0
472ce53 
Bumps [web-vitals](https://github.com/GoogleChrome/web-vitals) from 4.2.4 to 5.2.0.
- [Changelog](https://github.com/GoogleChrome/web-vitals/blob/main/CHANGELOG.md)
- [Commits](GoogleChrome/web-vitals@v4.2.4...v5.2.0)

---
updated-dependencies:
- dependency-name: web-vitals
  dependency-version: 5.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/web-vitals-5.2.0 branch from 40f2825 to 472ce53 Compare April 13, 2026 07:05
greptile-apps[bot]
greptile-apps bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dependabot[bot] has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Apr 13, 2026
edited
Loading

Deploying my-website with  Cloudflare Pages  Cloudflare Pages

Latest commit: 472ce53
Status:🚫  Build failed.

View logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency pnpm pnpm package updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants