Skip to content

[Docs Site] Bump vite from 7.3.5 to 8.0.16#31357

Closed
dependabot[bot] wants to merge 1 commit into
productionfrom
dependabot/npm_and_yarn/vite-8.0.16
Closed

[Docs Site] Bump vite from 7.3.5 to 8.0.16#31357
dependabot[bot] wants to merge 1 commit into
productionfrom
dependabot/npm_and_yarn/vite-8.0.16

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps vite from 7.3.5 to 8.0.16.

Release notes

Sourced from vite's releases.

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

  • capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)
  • deps: update all non-major dependencies (#22511) (2686d7d)
  • dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)
  • glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)
  • optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)
  • resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

  • deps: update all non-major dependencies (#22471) (98b8163)
  • dev: handle errors when sending messages to vite server (#22450) (e8e9a34)
  • html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)
  • optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

  • deps: update rolldown-related dependencies (#22470) (7cb728e)
  • remove irrelevant commits from changelog (2c69495)

Code Refactoring

  • glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

@dependabot dependabot Bot requested review from a team as code owners June 9, 2026 20:11
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 9, 2026
@github-actions github-actions Bot added the size/m label Jun 9, 2026
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
package.json @cloudflare/content-engineering
* @cloudflare/product-owners

@github-actions

github-actions Bot commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

CI run failed: build logs

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.16 branch from ba2dc01 to 7eaa5ab Compare June 9, 2026 21:02
@mvvmm

mvvmm commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.16 branch from 7eaa5ab to 4838659 Compare June 9, 2026 22:02
@mvvmm mvvmm mentioned this pull request Jun 9, 2026
Open
@mvvmm

mvvmm commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

/review

@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Dependabot review

Package Impact Recommendation
vite 7.3.5 → 8.0.16 🟠 Medium ⚠️ Verify

Overall: ✅ Merge + spot-check

This PR bumps Vite from 7.3.5 to 8.0.16 — a major version upgrade that replaces Rollup with Rolldown as the default production bundler, tightens Node engine requirements, and includes security fixes plus several dev-server improvements. In this repo Vite is a direct devDependency consumed by vitest, vite-tsconfig-paths, and Astro’s getViteConfig helper (used in vitest.config.ts for Astro component tests). The site build is handled by Astro, which bundles its own Vite copy, so the direct build impact is low. However, the MIGRATION.md explicitly flags getViteConfig as sensitive to Vitest/Vite version pairings, and while vitest 4.1.8 resolves Vite 8 without a peer-dep conflict, the major-version bundler change is still unverified here. The safest path is to run the full test suite (Node, Astro, Workers projects) and an astro build before merging.

Package details

vite: 7.3.5 → 8.0.16

Type: devDependency
Dependency type: direct

What changed

  • Major version bump (7 → 8) — default production bundler switched from Rollup to Rolldown (v1.0.3).
  • Node engine requirement tightened to ^20.19.0 || >=22.12.0 (repo already requires >=24.0.0).
  • Security fixes: reject UNC paths and Windows alternate paths in launch-editor-middleware.
  • Dev server fixes: HTML-proxy cache key mismatch for /@fs/ paths, request timeout 408 responses, glob resolution for virtual modules, optimizer bundle cleanup.
  • Dependency refresh: esbuild peer bumped to ^0.27.0 || ^0.28.0; rolldown-related packages updated.

Usage in this repo
Direct devDependency used by vitest and vite-tsconfig-paths. astro.config.ts passes vite.resolve.alias to Astro. vitest.config.ts uses getViteConfig from astro/config for Astro component tests.

Impact: 🟠 Medium — The build step is handled by Astro (which bundles its own Vite), so direct build impact is low. The main exposure is through vitest and getViteConfig(), which our own MIGRATION.md flags as sensitive to Vitest/Vite versions. Vitest 4.1.8 resolves Vite 8 as a peer without conflict, but because this is a major version with a new bundler core, we should run the full test matrix and build to confirm no regressions.

@dependabot
[Docs Site] Bump vite from 7.3.5 to 8.0.16
68c7dd5 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.5 to 8.0.16.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.16 branch from 4838659 to 68c7dd5 Compare June 10, 2026 00:36
@mvvmm

mvvmm commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Vite 8 lands in Astro 7, so closing this one for now/

@mvvmm mvvmm closed this Jun 10, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/vite-8.0.16 branch June 10, 2026 01:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mvvmm mvvmm

@kodster28 kodster28

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mvvmm @kodster28