Skip to content

Bump esbuild, @vitejs/plugin-react and vite in /web#27

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/multi-5ea19b96cb
Closed

Bump esbuild, @vitejs/plugin-react and vite in /web#27
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/multi-5ea19b96cb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Removes esbuild. It's no longer used after updating ancestor dependencies esbuild, @vitejs/plugin-react and vite. These dependencies need to be updated together.

Removes esbuild

Updates @vitejs/plugin-react from 4.7.0 to 6.0.2

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@6.0.2

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

plugin-react@6.0.0

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [

react({

 babel: {



   plugins: ['babel-plugin-react-compiler'],



</tr></table>

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.2 (2026-05-14)

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
</tr></table>

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vitejs/plugin-react since your current version.


Updates vite from 6.4.2 to 8.0.16

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump esbuild, @vitejs/plugin-react and vite in /web
95e83a5 
Removes [esbuild](https://github.com/evanw/esbuild). It's no longer used after updating ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). These dependencies need to be updated together.


Removes `esbuild`

Updates `@vitejs/plugin-react` from 4.7.0 to 6.0.2
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.2/packages/plugin-react)

Updates `vite` from 6.4.2 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version:
  dependency-type: indirect
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.2
  dependency-type: direct:development
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 14, 2026
kilo-code-bot[bot]
kilo-code-bot Bot reviewed Jun 14, 2026
View reviewed changes
Comment thread web/package.json
"@vitejs/plugin-react": "^6.0.2",
"typescript": "^5.8.0",
"vite": "^6.3.0"
"vite": "^8.0.16"

@kilo-code-bot kilo-code-bot Bot Jun 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: Vite 8 enforces Node.js ^20.19.0 || >=22.12.0, dropping Node 18 and early Node 20 entirely (vite 6 previously allowed ^18 || ^20 || >=22).

The repo has no .nvmrc or .node-version, and CI runners are self-hosted — if they are running Node < 20.19, npm install and vite build will fail with an engine rejection.

Verify the intended Node version before merging, and consider pinning it.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

Comment thread web/package.json
"@types/react": "^19.1.0",
"@types/react-dom": "^19.1.0",
"@vitejs/plugin-react": "^4.5.0",
"@vitejs/plugin-react": "^6.0.2",

@kilo-code-bot kilo-code-bot Bot Jun 14, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WARNING: @vitejs/plugin-react v6.0.0 removed all Babel integration ("babel is no longer a dependency of this plugin and the related features are removed"). Any use of the babel option in this plugin — now or in the future — will silently stop working and will require switching to @rolldown/plugin-babel.

Current vite.config.ts does not use Babel features, so this should be safe today, but it is a footgun for future config changes.

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

@kilo-code-bot

kilo-code-bot Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 0
WARNING 2
SUGGESTION 0
Issue Details (click to expand)

WARNING

File Line Issue
web/package.json 31 Vite 8 enforces Node.js `^20.19.0
web/package.json 29 @vitejs/plugin-react v6.0.0 removed all Babel integration. Any future use of babel: config in this plugin will silently fail; migration to @rolldown/plugin-babel is required for Babel features. Current config is unaffected, but this is a footgun for future changes.
Other Observations (not in diff)

No other observations.

Files Reviewed (2 files)
  • web/package.json - 2 issues
  • web/package-lock.json - lockfile refresh (mechanical)

Fix these issues in Kilo Cloud

Reviewed by step-3.7-flash-20260528 · 1,242,981 tokens

@snapetech

snapetech commented Jun 16, 2026

Copy link
Copy Markdown
Owner

Resolved on main by fc9a152: web tooling now uses @vitejs/plugin-react 6.0.2 and Vite 8.0.16, Node 22 is pinned for the Vite runtime floor, the shipped UI bundle was rebuilt, and npm audit reports zero vulnerabilities. Closing this superseded Dependabot PR.

@snapetech snapetech closed this Jun 16, 2026
@snapetech snapetech deleted the dependabot/npm_and_yarn/web/multi-5ea19b96cb branch June 16, 2026 16:06
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kilo-code-bot kilo-code-bot[bot] kilo-code-bot[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snapetech