chore(deps-dev): bump vite from 7.3.1 to 8.0.3#253
chore(deps-dev): bump vite from 7.3.1 to 8.0.3#253dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Deploying boxdbud with
|
| Latest commit: |
f8616e1
|
| Status: | 🚫 Build failed. |
dependabot
Bot
added
dependencies
|
There was a problem hiding this comment.
Pull request overview
This PR updates the frontend build tooling by bumping Vite from 7.3.1 to 8.0.3, reflecting a major-version upgrade in the project’s devDependencies.
Changes:
- Bump
viteto^8.0.3inpackage.json. - Regenerate
package-lock.jsonto capture the updated Vite dependency graph (including new transitive deps likerolldownandlightningcss).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
package.json |
Updates the Vite devDependency version to the new major release. |
package-lock.json |
Updates the lockfile to reflect new/updated transitive dependencies pulled in by Vite 8. |
| "prettier": "^3.7.4", | ||
| "typescript": "^5.9.3", | ||
| "vite": "^7.3.1", | ||
| "vite": "^8.0.3", |
There was a problem hiding this comment.
Bumping Vite to ^8.0.3 introduces a peer-compatibility mismatch with the currently pinned @vitejs/plugin-react (5.1.x). The lockfile shows @vitejs/plugin-react@5.1.4 declares peer "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" (no Vite 8), so installs will warn and the plugin may break against Vite 8 APIs. Either upgrade @vitejs/plugin-react to a version that supports Vite 8, or keep Vite on 7.x until the plugin/tooling stack is compatible.
| "vite": "^8.0.3", | |
| "vite": "^7.0.0", |
| "prettier": "^3.7.4", | ||
| "typescript": "^5.9.3", | ||
| "vite": "^7.3.1", | ||
| "vite": "^8.0.3", | ||
| "vitest": "^4.0.16", |
There was a problem hiding this comment.
With Vite 8, the dependency stack now targets Node >=20.19.0 (per Vite's engines). Since package.json doesn't declare an "engines" requirement, developers or deploy environments on older Node 20 minors may hit install/build failures without a clear hint. Consider adding an explicit "engines": { "node": ">=20.19.0" } (and aligning CI/deploy Node versions) to make the requirement explicit.
Bumps vite from 7.3.1 to 8.0.3.
Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
f83264frefactor(build): renameindexOfMatchInSlicetofindPreloadMarker(#21054)8293de0release: v7.2.02833c55fix(types): add undefined to optional properties for exactOptionalProperties ...e3a6a83chore(deps): update rolldown-related dependencies (#21047)b1fd616fix(css): fallback to sass when sass-embedded platform binary is missing (#21...ad5b3bffix(module-runner): makegetBuiltinsresponse JSON serializable (#21029)793baa2release: v7.2.0-beta.1e5af352fix(optimizer): externalize virtual modules for html like files (#21001)4f44f22fix: increase stream reset rate limit for HTTP2 (#21024)a2df778refactor: usefs.cpSync(#21019)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)