chore(deps): bump vite from 6.4.1 to 8.0.14#41
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
github-actions
Bot
added
size/XS
Dependency Changes DetectedThis PR modifies dependency files. Please review whether these changes are intentional. Changed files:
Maintainer checklist:
|
lml2468
left a comment
lml2468
left a comment
There was a problem hiding this comment.
🔴 [REQUEST_CHANGES — self-review, posting as COMMENT] Major version jump with unresolved toolchain incompatibility.
vite 6.4.1 → 8.0.14 (two major versions):
🔴 Blocking: vitest version mismatch. The repo currently uses vitest@2.1.9, which internally depends on vite ^5.0.0. Upgrading vite to 8 while keeping vitest at 2.x will break the test runner. The correct path is:
- Upgrade
vitestto 4.x (latest: 4.1.7) which supportsvite ^6||^7||^8 - This also requires upgrading
@vitest/coverage-v8to 4.1.7 (PR #42 does this) - PRs #41, #42, and a vitest upgrade must be merged together as a coordinated batch
🔵 Vite 7 and 8 introduce breaking changes. Verify vite.config.ts (if any) has no deprecated options. The lock file diff shows removal of many @esbuild/* platform packages — confirm this is expected for vite 8's bundler changes.
Do not merge standalone. Coordinate with PR #42 + vitest upgrade.
Jerry-Xin
left a comment
Jerry-Xin
left a comment
There was a problem hiding this comment.
The Vite major bump is relevant to this repo, but the dependency set and build environment are not compatible yet.
🔴 Blocking
🔴 Critical: npm ci fails because @vitejs/plugin-react@4.7.0 does not accept Vite 8. The PR changes vite to ^8.0.14 in package.json:35, while @vitejs/plugin-react remains ^4.4.1 at package.json:31; the resolved lockfile peer range is only ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 in package-lock.json:1590 and package-lock.json:1607. I verified this locally with npm ci, which exits with ERESOLVE could not resolve.
🔴 Critical: The repo still builds on Node 18, but Vite 8 requires ^20.19.0 || >=22.12.0. The CI matrix includes Node 18 in .github/workflows/ci.yml:77, and the Docker build image is node:18-alpine in Dockerfile:1. The new Vite lockfile entry declares the higher engine at package-lock.json:4535 and package-lock.json:4551, so even after fixing the React plugin peer conflict, CI/Docker installs remain broken unless the supported Node version is raised.
💬 Non-blocking
🟡 Warning: vitest@2.1.9 still brings its own Vite 5 dependency (package-lock.json:5100, package-lock.json:5123, package-lock.json:5597). After moving the app build to Vite 8, consider upgrading Vitest and @vitest/coverage-v8 to versions intended for that Vite generation so tests exercise a compatible toolchain.
✅ Highlights
The PR is scoped to dependency metadata only, and the Vite config itself does not show obvious API usage that would need application-code changes once the toolchain compatibility issues are fixed.
lml2468
left a comment
lml2468
left a comment
There was a problem hiding this comment.
[CHANGES_REQUESTED] Independent cross-review. Same Dependabot partial-bump pattern.
🔴 Blocking: CI red — ERESOLVE peer dependency mismatch
While resolving: @vitejs/plugin-react@4.7.0
Found: vite@8.0.14
Could not resolve dependency:
peer vite@"^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" from @vitejs/plugin-react@4.7.0
vite bumped from 6.x to 8.x, but @vitejs/plugin-react at ^4.4.1 (resolved to 4.7.0) only peers on vite@^4 || ^5 || ^6 || ^7 — does not include ^8.
Required fix: Either:
- Bump
@vitejs/plugin-reactto a version that supports vite 8.x alongside this PR, OR - Close and configure Dependabot grouping:
groups: vite: patterns: - "vite" - "@vitejs/*"
This is the 3rd Dependabot PR today with the same partial-group problem (#41 vite, #42 vitest, #44 react). A single dependabot.yml update with proper groups would prevent all of them.
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 8.0.14. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.14/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.14 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/vite-8.0.14
branch
from
a7a6990 to
2460f77
Compare
2 participants
Bumps vite from 6.4.1 to 8.0.14.
Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
c917f1erelease: v8.0.145d94d1bfix(html): handle trailing slash paths in transformIndexHtml (#22480)98b8163fix(deps): update all non-major dependencies (#22471)96efc88feat: update rolldown to 1.0.2 (#22484)ebf39a0test(css): sass does not use main field (#22449)0ae2844refactor(glob): do not rewrite import path for absolute base (#22310)7cb728echore(deps): update rolldown-related dependencies (#22470)b3132dafix(optimizer): pass oxc jsx options to transformSync in dependency scan ...e8e9a34fix(dev): handle errors when sending messages to vite server (#22450)2c69495chore: remove irrelevant commits from changelog