chore(deps-dev): bump vite from 5.4.21 to 8.0.14 in /plugins/trust-center/frontend in the npm_and_yarn group across 1 directory#191
Conversation
Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 5.4.21 to 8.0.14 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.14 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Greptile SummaryThis PR upgrades
Confidence Score: 3/5Not safe to merge without also upgrading @vitejs/plugin-react to a version that supports Vite 8. The vite jump spans three major versions, and the companion @vitejs/plugin-react package is left at v4, which was designed for Vite 4/5. The Vite 8 team only confirmed v5 and v6 of the plugin as compatible with Vite 8; v4's peer dependency range almost certainly excludes Vite 8, making the install or build likely to fail. Merging without updating the plugin leaves the frontend in a broken or unverified state. plugins/trust-center/frontend/package.json — the @vitejs/plugin-react version needs to be bumped alongside vite. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["package.json\nvite: ^5.3.1 → ^8.0.14"] --> B{Peer dep check}
B --> C["@vitejs/plugin-react@^4.3.0\npeerDeps: vite ^4 || ^5"]
C --> D["❌ Peer dep conflict\n(Vite 8 not in range)"]
B --> E["vite@8 (Rolldown/Oxc)\nreplaces Rollup/esbuild"]
E --> F["vite.config.js\nsimple — no advanced APIs"]
F --> G["✅ Config OK if plugin\ndep is resolved"]
D --> H["Recommended: bump\n@vitejs/plugin-react to ^5 or ^6"]
H --> G
Reviews (1): Last reviewed commit: "chore(deps-dev): bump vite" | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| @@ -17,6 +17,6 @@ | |||
| "devDependencies": { | |||
| "@types/react": "^18.3.3", | |||
| "@vitejs/plugin-react": "^4.3.0", | |||
There was a problem hiding this comment.
@vitejs/plugin-react needs a matching upgrade for Vite 8
@vitejs/plugin-react@^4.3.0 was built for Vite 4/5 and its peer dependencies do not cover Vite 8. The official Vite 8 announcement explicitly states that v5 (and the newly released v6) work with Vite 8 — v4 is not mentioned as compatible. Running npm install with this combination will likely produce a peer dependency conflict (ERESOLVE), and the build may fail even if the install succeeds, because the plugin relies on internal Vite APIs that changed significantly across three major versions (Rolldown/Oxc replaced Rollup/esbuild in Vite 8). The plugin should be bumped to at least ^5.0.0 (preferably ^6.0.0) alongside this Vite upgrade.
Bumps the npm_and_yarn group with 1 update in the /plugins/trust-center/frontend directory: vite.
Updates
vitefrom 5.4.21 to 8.0.14Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c917f1erelease: v8.0.145d94d1bfix(html): handle trailing slash paths in transformIndexHtml (#22480)98b8163fix(deps): update all non-major dependencies (#22471)96efc88feat: update rolldown to 1.0.2 (#22484)ebf39a0test(css): sass does not use main field (#22449)0ae2844refactor(glob): do not rewrite import path for absolute base (#22310)7cb728echore(deps): update rolldown-related dependencies (#22470)b3132dafix(optimizer): pass oxc jsx options to transformSync in dependency scan ...e8e9a34fix(dev): handle errors when sending messages to vite server (#22450)2c69495chore: remove irrelevant commits from changelogDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.