Hard-Pin Nuxt to 3.21.0 Until vite-node IPC Regression is Fixed
Context
Nuxt 3.21.5 (and the subsequent 3.21.x patches available at the time of pinning) introduced a regression in the vite-node IPC channel that the dev-mode of packages/web/swiss_ai_hub_web relies on. The symptom is a hang during pnpm dev and intermittent module-resolution errors against the parent Nuxt layer in .app/. The fix is not yet upstreamed — see commit b0ec13721 ("chore(ui): Pin nuxt to 3.21.0 to restore vite-node IPC").
package.json is the only place to express this constraint, and JSON does not support inline comments, so the constraint sits in package.json without context. A reviewer or dependency-update bot looking at the line "nuxt": "3.21.0" (no caret) cannot tell whether the pin is intentional or accidental, and therefore cannot tell when it is safe to lift.
Decision Drivers
- Avoid silent dependency drift
A hard pin with no recorded reason becomes forgotten tech debt. - Enable safe future upgrades
Someone bumping Nuxt must know what to retest before relaxing the pin. - Block patch security updates only where necessary
^3.21.0would normally let patches in; the pin blocks that, which is acceptable only as long as the regression is unfixed upstream.
Decision
Hard-pin nuxt to 3.21.0 in packages/web/swiss_ai_hub_web/package.json (no ^ or ~ range prefix) until the vite-node IPC regression is fixed upstream. This ADR is the canonical record of why the caret is missing.
Consequences
- Dependabot and manual
pnpm upruns will not bump Nuxt within the 3.21.x line — security patches that ship in 3.21.6+ have to be evaluated and lifted manually. - Any developer attempting to upgrade Nuxt must:
- Reproduce or verify the vite-node IPC regression on the new candidate version.
- If the regression is gone, remove the pin (restore
^prefix) and update this ADR's status to "Superseded". - If the regression persists, leave the pin in place and update the "Context" section with the new evidence.
Exit Criterion
Remove the hard pin once a Nuxt 3.21.x (or later) release ships with the vite-node IPC fix and pnpm dev works reliably against the .app/ layer. Track upstream Nuxt releases for the relevant fix commit; re-run pnpm dev on a clean install to verify before relaxing the constraint.