Skip to content

Bump vite from 8.0.2 to 8.0.5 #1520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: develop
Choose a base branch
from

Bump vite from 8.0.2 to 8.0.5

4ba7be1
Select commit
Loading
Failed to load commit list.
Open

Bump vite from 8.0.2 to 8.0.5 #1520

Bump vite from 8.0.2 to 8.0.5
4ba7be1
Select commit
Loading
Failed to load commit list.
Mergeable / Mergeable failed Apr 6, 2026 in 3s

1/3 Fail(s): MILESTONE

Status: FAIL

    Here are some stats of the run:
    3 validations were ran.
    2 PASSED
    1 FAILED

Details

❌ Validator: MILESTONE

  • A milestone must be assigned to this pull request
    Input :
    Settings : {"no_empty":{"enabled":true,"message":"A milestone must be assigned to this pull request"}}

✔️ Validator: LABEL

  • ✔️ The label is not empty
    Input : dependencies,javascript
    Settings : {"no_empty":{"enabled":true,"message":"A label must be assigned to this pull request"}}

✔️ Validator: DESCRIPTION

  • ✔️ The description is not empty
    Input : Bumps vite from 8.0.2 to 8.0.5.
Release notes

Sourced from vite's releases.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.5 (2026-04-06)

Bug Fixes

  • apply server.fs check to env transport (#22159) (f02d9fd)
  • avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
  • check server.fs after stripping query as well (#22160) (a9a3df2)
  • disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

  • allow esbuild 0.28 as peer deps (#22155) (b0da973)
  • hmr: truncate list of files on hmr update (#21535) (d00e806)
  • optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

  • hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#22043) (99897d2)
  • add types for vite/modulepreload-polyfill (#22126) (17330d2)
  • deps: update all non-major dependencies (#22073) (6daa10f)
  • deps: update all non-major dependencies (#22143) (22b0166)
  • resolve: resolve tsconfig paths starting with # (#22038) (3460fc5)
  • ssr: use browser platform for webworker SSR builds (fix #21969) (#21963) (364c227)

Documentation

Miscellaneous Chores

Code Refactoring

8.0.3 (2026-03-26)

Features

Bug Fixes

  • html: cache unfiltered CSS list to prevent missing styles across entries (#22017) (5464190)
  • module-runner: handle non-ascii characters in base64 sourcemaps (#21985) (77c95bf)
  • module-runner: skip re-import if the runner is closed (#22020) (ee2c2cd)
  • optimizer: scan is not resolving sub path import if used in a glob import (#22018) (ddfe20d)
  • ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#22019) (cff5f0c)

Miscellaneous Chores

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Settings : ```{"no_empty":{"enabled":true,"message":"A description must be provided"}}```
View more details on Mergeable