Skip to content

Bump vite from 8.0.12 to 8.0.16#126

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/vite-8.0.13
Closed

Bump vite from 8.0.12 to 8.0.16#126
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/vite-8.0.13

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 20, 2026

Copy link
Copy Markdown
Contributor

Bumps vite from 8.0.12 to 8.0.16.

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm npm ecosystem dependency updates labels May 20, 2026
@dependabot dependabot Bot requested a review from eviltester as a code owner May 20, 2026 08:13
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file npm npm ecosystem dependency updates labels May 20, 2026
@dependabot dependabot Bot changed the title Bump vite from 8.0.12 to 8.0.13 Bump vite from 8.0.12 to 8.0.14 May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.13 branch 2 times, most recently from 1e8a9ac to 20ea893 Compare June 2, 2026 14:21
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.12 to 8.0.16.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump vite from 8.0.12 to 8.0.14 Bump vite from 8.0.12 to 8.0.16 Jun 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.13 branch from 20ea893 to 22ebb1d Compare June 9, 2026 16:55
@greptile-apps

greptile-apps Bot commented Jun 9, 2026

Copy link
Copy Markdown

Greptile Summary

Automated dependency bump of the vite devDependency from 8.0.12 to 8.0.16, with the pnpm-lock.yaml updated to match. The intermediate releases contain two security-relevant fixes (rejecting UNC paths and Windows alternate paths in launch-editor-middleware) as well as several bug fixes and a rolldown update.

  • package.json: Single version string change for vite; all other deps unchanged.
  • pnpm-lock.yaml: Lock entries updated to resolve vite@8.0.16 and adjust peer-dependency resolution strings for packages that consume it (e.g., @storybook/addon-docs, @storybook/addon-vitest, @vitejs/plugin-react, vitest).

Confidence Score: 5/5

Safe to merge — this is a patch-level vite bump that includes two security fixes (UNC/alternate-path rejection in the dev-server editor middleware) and several bug fixes, with no API-breaking changes.

Both changed files are purely mechanical: a single version string in package.json and the corresponding lockfile re-generation. The new vite versions are patch releases with no breaking changes, and the lockfile diff shows only the expected peer-dependency string updates for packages that consume vite. No application logic is touched.

No files require special attention.

Important Files Changed

Filename Overview
package.json Bumps vite devDependency from 8.0.12 to 8.0.16; no other changes.
pnpm-lock.yaml Lockfile regenerated to reflect the new vite 8.0.16 resolution and its transitive peer-dependency strings; consistent with the package.json change.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[dependabot opens PR] --> B[package.json: vite 8.0.12 → 8.0.16]
    B --> C[pnpm-lock.yaml regenerated]
    C --> D{Downstream peer resolutions updated}
    D --> E["@storybook/addon-docs"]
    D --> F["@storybook/addon-vitest"]
    D --> G["@vitejs/plugin-react"]
    D --> H["vitest / @vitest/browser"]
Loading

Reviews (1): Last reviewed commit: "Bump vite from 8.0.12 to 8.0.16" | Re-trigger Greptile

@dependabot @github

dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #176.

@dependabot dependabot Bot closed this Jun 10, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/vite-8.0.13 branch June 10, 2026 04:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file npm npm ecosystem dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants