Skip to content

chore(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update#189

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/plugins/trust-center/frontend/npm_and_yarn-c01401b770
Open

chore(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update#189
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/plugins/trust-center/frontend/npm_and_yarn-c01401b770

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 21, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/references/frontend-files directory: vite.

Updates vite from 5.4.21 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

8.0.13 (2026-05-14)

Features

  • bundled-dev: add lazy bundling support (#21406) (4f0949f)
  • optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
  • update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

  • build: copy public directory after building same environment with write=false (#22328) (158e8ae)
  • css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
  • css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
  • make isBundled per environment (#22257) (a576326)
  • ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

8.0.12 (2026-05-11)

Features

... (truncated)

Commits
  • c917f1e release: v8.0.14
  • 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
  • 98b8163 fix(deps): update all non-major dependencies (#22471)
  • 96efc88 feat: update rolldown to 1.0.2 (#22484)
  • ebf39a0 test(css): sass does not use main field (#22449)
  • 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
  • 7cb728e chore(deps): update rolldown-related dependencies (#22470)
  • b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
  • e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
  • 2c69495 chore: remove irrelevant commits from changelog
  • Additional commits viewable in compare view

Updates vite from 5.4.21 to 8.0.14

Release notes

Sourced from vite's releases.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

Tests

8.0.13 (2026-05-14)

Features

  • bundled-dev: add lazy bundling support (#21406) (4f0949f)
  • optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)
  • update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

  • build: copy public directory after building same environment with write=false (#22328) (158e8ae)
  • css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)
  • css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)
  • make isBundled per environment (#22257) (a576326)
  • ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

8.0.12 (2026-05-11)

Features

... (truncated)

Commits
  • c917f1e release: v8.0.14
  • 5d94d1b fix(html): handle trailing slash paths in transformIndexHtml (#22480)
  • 98b8163 fix(deps): update all non-major dependencies (#22471)
  • 96efc88 feat: update rolldown to 1.0.2 (#22484)
  • ebf39a0 test(css): sass does not use main field (#22449)
  • 0ae2844 refactor(glob): do not rewrite import path for absolute base (#22310)
  • 7cb728e chore(deps): update rolldown-related dependencies (#22470)
  • b3132da fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...
  • e8e9a34 fix(dev): handle errors when sending messages to vite server (#22450)
  • 2c69495 chore: remove irrelevant commits from changelog
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps-dev): bump the npm_and_yarn group across 2 directories wit…
7f712c4 
…h 1 update

Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/references/frontend-files directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 5.4.21 to 8.0.14
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite)

Updates `vite` from 5.4.21 to 8.0.14
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 8.0.14
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner May 21, 2026 12:58
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 21, 2026
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented May 21, 2026

Greptile Summary

This Dependabot PR bumps vite from ^5.3.1 to ^8.0.14 across two identical package.json files (plugins/trust-center/frontend and plugins/trust-center/references/frontend-files), a three-major-version jump.

  • The vite.config.js files are minimal and should not require changes for Vite 8, but the jump spans breaking changes in Vite 6 (Node.js >=20.19 or >=22.12 required), Vite 7 (browser target and Sass API changes), and Vite 8 (rolldown bundler).
  • @vitejs/plugin-react remains pinned at ^4.3.0, which does not list Vite 8 in its peer dependencies range — Vite 8 support was first added in plugin-react@5.2.0, and v6 is the recommended pairing for Vite 8. This plugin should be upgraded alongside vite.

Confidence Score: 3/5

The vite upgrade will produce an unmet peer dependency with @vitejs/plugin-react@^4 and may fail strict package managers; the plugin should be co-upgraded before merging.

The Vite 8 upgrade is paired with @vitejs/plugin-react@^4.3.0, whose peer dependency range does not include Vite 8 — Vite 8 support was added only in plugin-react@5.2.0. This will cause install-time peer dep errors with strict package managers and may lead to runtime breakage. The fix is straightforward (co-bump the plugin to ^5.2.0 or ^6.0.0), but the current PR as-is is not safe to merge without that change.

Both package.json files need @vitejs/plugin-react bumped to a version that declares Vite 8 in its peer dependency range.

Important Files Changed

Filename Overview
plugins/trust-center/frontend/package.json Bumps vite from ^5.3.1 to ^8.0.14; @vitejs/plugin-react@^4.3.0 does not declare Vite 8 in its peer deps range, causing an unmet peer dependency
plugins/trust-center/references/frontend-files/package.json Same vite bump as the frontend package; carries the same @vitejs/plugin-react peer dependency mismatch

Fix All in Claude Code Fix All in Codex Fix All in Cursor

Reviews (1): Last reviewed commit: "chore(deps-dev): bump the npm_and_yarn g..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 21, 2026
View reviewed changes
Comment thread plugins/trust-center/frontend/package.json
Comment on lines 19 to +20
"@vitejs/plugin-react": "^4.3.0",
"vite": "^5.3.1"
"vite": "^8.0.14"
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Incompatible @vitejs/plugin-react version for Vite 8

@vitejs/plugin-react@^4.3.0 does not include Vite 8 in its peer dependency range. Vite 8 compatibility was added in plugin-react@5.2.0 and the recommended pairing is v6 (released alongside Vite 8). Installing as-is will produce unmet peer dependency errors. The plugin should be bumped to at least ^5.2.0 (or the recommended ^6.0.0) alongside this Vite upgrade. The same issue exists in plugins/trust-center/references/frontend-files/package.json.

Fix in Claude Code Fix in Codex Fix in Cursor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants