chore(deps): update dependency vite to v6

[renovate[bot]]

trafficstars

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
vite (source)	5.2.10 -> 6.2.2

---

Release Notes

vitejs/vite (vite)

v6.2.2

Compare Source

• fix: await client buildStart on top level buildStart (#​19624) (b31faab), closes #​19624
• fix(css): inline css correctly for double quote use strict (#​19590) (d0aa833), closes #​19590
• fix(deps): update all non-major dependencies (#​19613) (363d691), closes #​19613
• fix(indexHtml): ensure correct URL when querying module graph (#​19601) (dc5395a), closes #​19601
• fix(preview): use preview https config, not server (#​19633) (98b3160), closes #​19633
• fix(ssr): use optional chaining to prevent "undefined is not an object" happening in `ssrRewriteStac (4309755), closes #​19612
• feat: show friendly error for malformed base (#​19616) (2476391), closes #​19616
• feat(worker): show asset filename conflict warning (#​19591) (367d968), closes #​19591
• chore: extend commit hash correctly when ambigious with a non-commit object (#​19600) (89a6287), closes #​19600

v6.2.1

Compare Source

• refactor: remove isBuild check from preAliasPlugin (#​19587) (c9e086d), closes #​19587
• refactor: restore endsWith usage (#​19554) (6113a96), closes #​19554
• refactor: use applyToEnvironment in internal plugins (#​19588) (f678442), closes #​19588
• fix(css): stabilize css module hashes with lightningcss in dev mode (#​19481) (92125b4), closes #​19481
• fix(deps): update all non-major dependencies (#​19555) (f612e0f), closes #​19555
• fix(reporter): fix incorrect bundle size calculation with non-ASCII characters (#​19561) (437c0ed), closes #​19561
• fix(sourcemap): combine sourcemaps with multiple sources without matched source (#​18971) (e3f6ae1), closes #​18971
• fix(ssr): named export should overwrite export all (#​19534) (2fd2fc1), closes #​19534
• feat: add *?url&no-inline type and warning for .json?inline / .json?no-inline (#​19566) (c0d3667), closes #​19566
• test: add glob import test case (#​19516) (aa1d807), closes #​19516
• test: convert config playground to unit tests (#​19568) (c0e68da), closes #​19568
• test: convert resolve-config playground to unit tests (#​19567) (db5fb48), closes #​19567
• perf: flush compile cache after 10s (#​19537) (6c8a5a2), closes #​19537
• chore(css): move environment destructuring after condition check (#​19492) (c9eda23), closes #​19492
• chore(html): remove unnecessary value check (#​19491) (797959f), closes #​19491

v6.2.0

Compare Source

• fix(deps): update all non-major dependencies (#​19501) (c94c9e0), closes #​19501
• fix(worker): string interpolation in dynamic worker options (#​19476) (07091a1), closes #​19476
• chore: use unicode cross icon instead of x (#​19497) (5c70296), closes #​19497

v6.1.1

Compare Source

• fix: ensure .[cm]?[tj]sx? static assets are JS mime (#​19453) (e7ba55e), closes #​19453
• fix: ignore *.ipv4 address in cert (#​19416) (973283b), closes #​19416
• fix(css): run rewrite plugin if postcss plugin exists (#​19371) (bcdb51a), closes #​19371
• fix(deps): bump tsconfck (#​19375) (746a583), closes #​19375
• fix(deps): update all non-major dependencies (#​19392) (60456a5), closes #​19392
• fix(deps): update all non-major dependencies (#​19440) (ccac73d), closes #​19440
• fix(html): ignore malformed src attrs (#​19397) (aff7812), closes #​19397
• fix(worker): fix web worker type detection (#​19462) (edc65ea), closes #​19462
• refactor: remove custom .jxl mime (#​19457) (0c85464), closes #​19457
• feat: add support for injecting debug IDs (#​18763) (0ff556a), closes #​18763
• chore: update 6.1.0 changelog (#​19363) (fa7c211), closes #​19363

v6.1.0

Compare Source

Features

• feat: show hosts in cert in CLI (#​19317) (a5e306f), closes #​19317
• feat: support for env var for defining allowed hosts (#​19325) (4d88f6c), closes #​19325
• feat: use native runtime to import the config (#​19178) (7c2a794), closes #​19178
• feat: print port in the logged error message after failed WS connection with EADDRINUSE (#​19212) (14027b0), closes #​19212
• perf(css): only run postcss when needed (#​19061) (30194fa), closes #​19061
• feat: add support for .jxl (#​18855) (57b397c), closes #​18855
• feat: add the builtins environment resolve (#​18584) (2c2d521), closes #​18584
• feat: call Logger for plugin logs in build (#​13757) (bf3e410), closes #​13757
• feat: export defaultAllowedOrigins for user-land config and 3rd party plugins (#​19259) (dc8946b), closes #​19259
• feat: expose createServerModuleRunnerTransport (#​18730) (8c24ee4), closes #​18730
• feat: support async for proxy.bypass (#​18940) (a6b9587), closes #​18940
• feat: support log related functions in dev (#​18922) (3766004), closes #​18922
• feat: use module runner to import the config (#​18637) (b7e0e42), closes #​18637
• feat(css): add friendly errors for IE hacks that are not supported by lightningcss (#​19072) (caad985), closes #​19072
• feat(optimizer): support bun text lockfile (#​18403) (05b005f), closes #​18403
• feat(reporter): add wasm to the compressible assets regex (#​19085) (ce84142), closes #​19085
• feat(worker): support dynamic worker option fields (#​19010) (d0c3523), closes #​19010

Fixes

• fix: avoid builtStart during vite optimize (#​19356) (fdb36e0), closes #​19356
• fix(build): fix stale build manifest on watch rebuild (#​19361) (fcd5785), closes #​19361
• fix: allow expanding env vars in reverse order (#​19352) (3f5f2bd), closes #​19352
• fix: avoid packageJson without name in resolveLibCssFilename (#​19324) (f183bdf), closes #​19324
• fix(html): fix css disorder when building multiple entry html (#​19143) (e7b4ba3), closes #​19143
• fix: don't call buildStart hooks for vite optimize (#​19347) (19ffad0), closes #​19347
• fix: don't call next middleware if user sent response in proxy.bypass (#​19318) (7e6364d), closes #​19318
• fix: respect top-level server.preTransformRequests (#​19272) (12aaa58), closes #​19272
• fix: use nodeLikeBuiltins for ssr.target: 'webworker' without noExternal: true (#​19313) (9fc31b6), closes #​19313
• fix(css): less @plugin imports of JS files treated as CSS and rebased (fix #​19268) (#​19269) (602b373), closes #​19268 #​19269
• fix(deps): update all non-major dependencies (#​19296) (2bea7ce), closes #​19296
• fix(resolve): preserve hash/search of file url (#​19300) (d1e1b24), closes #​19300
• fix(resolve): warn if node-like builtin was imported when resolve.builtin is empty (#​19312) (b7aba0b), closes #​19312
• fix(ssr): fix transform error due to export all id scope (#​19331) (e28bce2), closes #​19331
• fix(ssr): pretty print plugin error in ssrLoadModule (#​19290) (353c467), closes #​19290
• fix: change ResolvedConfig type to interface to allow extending it (#​19210) (bc851e3), closes #​19210
• fix: correctly resolve hmr dep ids and fallback to url (#​18840) (b84498b), closes #​18840
• fix: make --force work for all environments (#​18901) (51a42c6), closes #​18901
• fix: use loc.file from rollup errors if available (#​19222) (ce3fe23), closes #​19222
• fix(deps): update all non-major dependencies (#​19190) (f2c07db), closes #​19190
• fix(hmr): register inlined assets as a dependency of CSS file (#​18979) (eb22a74), closes #​18979
• fix(resolve): support resolving TS files by JS extension specifiers in JS files (#​18889) (612332b), closes #​18889
• fix(ssr): combine empty source mappings (#​19226) (ba03da2), closes #​19226
• fix(utils): clone RegExp values with new RegExp instead of structuredClone (fix #​19245, fix #​1 (56ad2be), closes #​19245 #​18875 #​19247

Chore

• refactor: deprecate vite optimize command (#​19348) (6e0e3c0), closes #​19348
• chore: update deprecate links domain (#​19353) (2b2299c), closes #​19353
• docs: rephrase browser range and features relation (#​19286) (97569ef), closes #​19286
• docs: update build.manifest jsdocs (#​19332) (4583781), closes #​19332
• chore: remove outdated code comment about scanImports not being used in ssr (#​19285) (fbbc6da), closes #​19285
• chore: unneeded name in lockfileFormats (#​19275) (96092cb), closes #​19275
• chore(deps): update dependency strip-literal to v3 (#​19231) (1172d65), closes #​19231

Beta Changelogs

6.1.0-beta.2 (2025-02-04)

See 6.1.0-beta.2 changelog

6.1.0-beta.1 (2025-02-04)

See 6.1.0-beta.1 changelog

6.1.0-beta.0 (2025-01-24)

See 6.1.0-beta.0 changelog

v6.0.11

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.10

Compare Source

• fix: try parse server.origin URL (#​19241) (2495022), closes #​19241

v6.0.9

Compare Source

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

v6.0.8

Compare Source

• fix: avoid SSR HMR for HTML files (#​19193) (3bd55bc), closes #​19193
• fix: build time display 7m 60s (#​19108) (cf0d2c8), closes #​19108
• fix: don't resolve URL starting with double slash (#​19059) (35942cd), closes #​19059
• fix: ensure server.close() only called once (#​19204) (db81c2d), closes #​19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#​19174) (ad75c56), closes #​19174
• fix: tree shake stringified JSON imports (#​19189) (f2aed62), closes #​19189
• fix: use shared sigterm callback (#​19203) (47039f4), closes #​19203
• fix(deps): update all non-major dependencies (#​19098) (8639538), closes #​19098
• fix(optimizer): use correct default install state path for yarn PnP (#​19119) (e690d8b), closes #​19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #​19146
• chore(deps): update dependency pathe to v2 (#​19139) (71506f0), closes #​19139

v6.0.7

Compare Source

• fix: fix minify when builder.sharedPlugins: true (#​19025) (f7b1964), closes #​19025
• fix: skip the plugin if it has been called before with the same id and importer (#​19016) (b178c90), closes #​19016
• fix(html): error while removing vite-ignore attribute for inline script (#​19062) (a492253), closes #​19062
• fix(ssr): fix semicolon injection by ssr transform (#​19097) (1c102d5), closes #​19097
• perf: skip globbing for static path in warmup (#​19107) (677508b), closes #​19107
• feat(css): show lightningcss warnings (#​19076) (b07c036), closes #​19076

v6.0.6

Compare Source

• fix: replace runner-side path normalization with fetchModule-side resolve (#​18361) (9f10261), closes #​18361
• fix(css): resolve style tags in HTML files correctly for lightningcss (#​19001) (afff05c), closes #​19001
• fix(css): show correct error when unknown placeholder is used for CSS modules pattern in lightningcs (9290d85), closes #​19070
• fix(resolve): handle package.json with UTF-8 BOM (#​19000) (902567a), closes #​19000
• fix(ssrTransform): preserve line offset when transforming imports (#​19004) (1aa434e), closes #​19004
• chore: fix typo in comment (#​19067) (eb06ec3), closes #​19067
• chore: update comment about build.target (#​19047) (0e9e81f), closes #​19047
• revert: unpin esbuild version (#​19043) (8bfe247), closes #​19043
• test(ssr): test virtual module with query (#​19044) (a1f4b46), closes #​19044

v6.0.5

Compare Source

• fix: esbuild regression (pin to 0.24.0) (#​19027) (4359e0d), closes #​19027

v6.0.4

Compare Source

• fix: this.resolve skipSelf should not skip for different id or import (#​18903) (4727320), closes #​18903
• fix: fallback terser to main thread when function options are used (#​18987) (12b612d), closes #​18987
• fix: merge client and ssr values for pluginContainer.getModuleInfo (#​18895) (258cdd6), closes #​18895
• fix(css): escape double quotes in url() when lightningcss is used (#​18997) (3734f80), closes #​18997
• fix(css): root relative import in sass modern API on Windows (#​18945) (c4b532c), closes #​18945
• fix(css): skip non css in custom sass importer (#​18970) (21680bd), closes #​18970
• fix(deps): update all non-major dependencies (#​18967) (d88d000), closes #​18967
• fix(deps): update all non-major dependencies (#​18996) (2b4f115), closes #​18996
• fix(optimizer): keep NODE_ENV as-is when keepProcessEnv is true (#​18899) (8a6bb4e), closes #​18899
• fix(ssr): recreate ssrCompatModuleRunner on restart (#​18973) (7d6dd5d), closes #​18973
• chore: better validation error message for dts build (#​18948) (63b82f1), closes #​18948
• chore(deps): update all non-major dependencies (#​18916) (ef7a6a3), closes #​18916
• chore(deps): update dependency @​rollup/plugin-node-resolve to v16 (#​18968) (62fad6d), closes #​18968
• refactor: make internal invoke event to use the same interface with handleInvoke (#​18902) (27f691b), closes #​18902
• refactor: simplify manifest plugin code (#​18890) (1bfe21b), closes #​18890
• test: test ModuleRunnerTransport invoke API (#​18865) (e5f5301), closes #​18865
• test: test output hash changes (#​18898) (bfbb130), closes #​18898

v6.0.3

Compare Source

• fix: handle postcss load unhandled rejections (#​18886) (d5fb653), closes #​18886
• fix: make handleInvoke interface compatible with invoke (#​18876) (a1dd396), closes #​18876
• fix: make result interfaces for ModuleRunnerTransport#invoke more explicit (#​18851) (a75fc31), closes #​18851
• fix: merge environments.ssr.resolve with root ssr config (#​18857) (3104331), closes #​18857
• fix: no permission to create vite config file (#​18844) (ff47778), closes #​18844
• fix: remove CSS import in CJS correctly in some cases (#​18885) (690a36f), closes #​18885
• fix(config): bundle files referenced with imports field (#​18887) (2b5926a), closes #​18887
• fix(config): make stacktrace path correct when sourcemap is enabled (#​18833) (20fdf21), closes #​18833
• fix(css): rewrite url when image-set and url exist at the same time (#​18868) (d59efd8), closes #​18868
• fix(deps): update all non-major dependencies (#​18853) (5c02236), closes #​18853
• fix(html): allow unexpected question mark in tag name (#​18852) (1b54e50), closes #​18852
• fix(module-runner): decode uri for file url passed to import (#​18837) (88e49aa), closes #​18837
• refactor: fix logic errors found by no-unnecessary-condition rule (#​18891) (ea802f8), closes #​18891
• chore: fix duplicate attributes issue number in comment (#​18860) (ffee618), closes #​18860

v6.0.2

Compare Source

• chore: run typecheck in unit tests (#​18858) (49f20bb), closes #​18858
• chore: update broken links in changelog (#​18802) (cb754f8), closes #​18802
• chore: update broken links in changelog (#​18804) (47ec49f), closes #​18804
• fix: don't store temporary vite config file in node_modules if deno (#​18823) (a20267b), closes #​18823
• fix(css): referencing aliased svg asset with lightningcss enabled errored (#​18819) (ae68958), closes #​18819
• fix(manifest): use style.css as a key for the style file for cssCodesplit: false (#​18820) (ec51115), closes #​18820
• fix(optimizer): resolve all promises when cancelled (#​18826) (d6e6194), closes #​18826
• fix(resolve): don't set builtinModules to external by default (#​18821) (2250ffa), closes #​18821
• fix(ssr): set ssr.target: 'webworker' defaults as fallback (#​18827) (b39e696), closes #​18827
• feat(css): format lightningcss error (#​18818) (dac7992), closes #​18818
• refactor: make properties of ResolvedServerOptions and ResolvedPreviewOptions required (#​18796) (51a5569), closes #​18796

v6.0.1

Compare Source

• fix: preview.allowedHosts with specific values was not respected (#​19246) (aeb3ec8), closes #​19246
• fix: allow CORS from loopback addresses by default (#​19249) (3d03899), closes #​19249

v6.0.0

Compare Source

Today, we're taking another big step in Vite's story. The Vite team, contributors, and ecosystem partners are excited to announce the release of the next Vite major:

• Vite 6.0 announcement blog post
• Docs
• Translations: 简体中文, 日本語, Español, Português, 한국어, Deutsch
• Migration Guide

We want to thank the more than 1K contributors to Vite Core and the maintainers and contributors of Vite plugins, integrations, tools, and translations that have helped us craft this new major. We invite you to get involved and help us improve Vite for the whole ecosystem. Learn more at our Contributing Guide.

Breaking Changes

• feat!: drop node 21 support in version ranges (#​18729) (a384d8f), closes #​18729
• fix(deps)!: update dependency dotenv-expand to v12 (#​18697) (0c658de), closes #​18697
• feat(html)!: support more asset sources (#​11138) (8a7af50), closes #​11138
• feat(resolve)!: allow removing conditions (#​18395) (d002e7d), closes #​18395
• refactor!: remove fs.cachedChecks option (#​18493) (94b0857), closes #​18493
• feat!: proxy bypass with WebSocket (#​18070) (3c9836d), closes #​18070
• feat!: support file:// resolution (#​18422) (6a7e313), closes #​18422
• feat!: update to chokidar v4 (#​18453) (192d555), closes #​18453
• feat(lib)!: use package name for css output file name (#​18488) (61cbf6f), closes [#​18488](https://redirect

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel[bot]]

Deployment failed with the following error:

Resource is limited - try again in 21 minutes (more than 100, code: "api-deployments-free-per-day").

[coderabbitai[bot]]

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[socket-security[bot]]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​5.2.10 ⏵ 6.3.5	+1	+25		+1

View full report

[changeset-bot[bot]]

⚠️ No Changeset found

Latest commit: 30ad6e677d94729b71d42b910a0f92114bd370cb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
dapp-demo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 5, 2025 0:40am

[vercel[bot]]

Deployment failed with the following error:

Resource is limited - try again in 4 hours (more than 100, code: "api-deployments-free-per-day").

[vercel[bot]]

Deployment failed with the following error:

Resource is limited - try again in 58 minutes (more than 100, code: "api-deployments-free-per-day").

[socket-security[bot]]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[gitstream-cm[bot]]

🚨 gitStream Monthly Automation Limit Reached 🚨

Your organization has exceeded the number of pull requests allowed for automation with gitStream. Monthly PRs automated: 251/250

To continue automating your PR workflows and unlock additional features, please contact LinearB.