Skip to content

build(deps-dev): bump vite from 6.4.2 to 8.0.12#96

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-8.0.12
Open

build(deps-dev): bump vite from 6.4.2 to 8.0.12#96
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-8.0.12

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps vite from 6.4.2 to 8.0.12.

Release notes

Sourced from vite's releases.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.12 (2026-05-11)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22420) (2be6000)
  • module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)
  • refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)
  • worker: apply build.target to worker bundle (#22404) (3c93fde)
  • worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

8.0.11 (2026-05-07)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22334) (672c962)
  • deps: update all non-major dependencies (#22382) (5c0cfcb)
  • glob: align hmr matcher options with glob enumeration (#22306) (30028f9)
  • make separate object instance for each environment (#22276) (7c2aa3b)

Documentation

Miscellaneous Chores

  • deps: update dependency tsdown to ^0.21.10 (#22333) (3b51e05)
  • deps: update rolldown-related dependencies (#22383) (555ff36)
  • deps: update transitive packages to fix npm audit alerts (#22316) (86aee62)

Code Refactoring

Tests

... (truncated)

Commits
  • 4dce8b4 release: v8.0.12
  • b675c7b fix: refer to rolldownOptions instead of deprecated rollupOptions in mess...
  • 66b9eb3 chore(deps): update rolldown-related dependencies (#22421)
  • 2fe7bd2 chore(deps): update dependency eslint-plugin-n to v18 (#22423)
  • 2be6000 fix(deps): update all non-major dependencies (#22420)
  • d4838a0 fix(worker): forward define to worker bundle transform (#22408)
  • cf0ff41 feat: update rolldown to 1.0.0 (#22401)
  • 3c93fde fix(worker): apply build.target to worker bundle (#22404)
  • f5a22e6 fix(module-runner): prevent partial-exports race on concurrent imports of in-...
  • 66f3194 release: v8.0.11
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps-dev): bump vite from 6.4.2 to 8.0.12
987a47c 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.2 to 8.0.12.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.12/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.12
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026
@cursor
Copy link
Copy Markdown

cursor Bot commented May 12, 2026
edited
Loading

PR Summary

Medium Risk
Major vite upgrade can change dev/build output and bundling behavior (notably moving from rollup to rolldown), potentially impacting the Electron app build pipeline despite no app code changes.

Overview
Updates vite from ^6.4.2 to ^8.0.12 in package.json.

Refreshes package-lock.json for the v8 toolchain, including new rolldown bindings and other updated transitive deps (e.g., postcss, nanoid, tinyglobby, esbuild platform packages).

Reviewed by Cursor Bugbot for commit 987a47c. Bugbot is set up for automated code reviews on this repo. Configure here.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 12, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedvite@​6.4.2 ⏵ 8.0.1299 +81008298100

View full report

cursor[bot]
cursor Bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 987a47c. Configure here.

Comment thread package.json
"tailwindcss": "^4.1.0",
"typescript": "^6.0.3",
"vite": "^6.4.2"
"vite": "^8.0.12"
Copy link
Copy Markdown

@cursor cursor Bot May 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vite 8 incompatible with electron-vite peer dependency

High Severity

electron-vite@5.0.0 declares a peer dependency of "vite": "^5.0.0 || ^6.0.0 || ^7.0.0", which does not include vite 8. Bumping vite to ^8.0.12 without upgrading electron-vite to a compatible version will cause a peer dependency conflict and likely build/runtime failures, since electron-vite is used for dev, build, and preview scripts.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 987a47c. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants