@renovate renovate bot commented Oct 2, 2025

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.


This PR contains the following updates:

Package Change Age Confidence
vite (source) 7.1.7 -> 7.1.8 age confidence

Release Notes

vitejs/vite (vite)

v7.1.8

Bug Fixes
Documentation
Miscellaneous Chores

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

fossabot bot commented Oct 2, 2025

✓ Safe to upgrade

I recommend merging this upgrade because it addresses two critical security vulnerabilities (CVE-2025-30208 and CVE-2024-45811) that allow arbitrary file read and server bypass attacks. The upgrade includes bug fixes for HMR event handling and optimizer compatibility issues. While the analysis flagged breaking changes in the changelog, these are internal fixes that do not affect the project's usage pattern. The project uses Vite through Nuxt's abstraction layer with standard Sentry and Vuetify plugins, all of which maintain compatibility with the current version. The lockfile confirms successful resolution with all peer dependencies satisfied.

What we checked

  • Vite dependency upgraded from ^7.1.1 to ^7.1.8 - patch version update within same major version [1]
  • Vite configuration uses standard SSR settings and build options that remain compatible with the new version [2]
  • Project uses @sentry/vite-plugin for sourcemaps - plugin maintains compatibility with Vite 7.x versions [3]
  • @sentry/vite-plugin at version ^4.0.2 is compatible with Vite 7.x according to lockfile resolution [4]
  • Lockfile confirms Vite 7.1.8 successfully resolves with all dependencies and peer requirements satisfied [5]
  • HMR prune event fix is an internal improvement that does not break existing code - enhances hot module replacement reliability [6]
  • Official Vite 6 to 7 migration guide confirms breaking changes apply to major version upgrades only - this is a patch update within v7.x [7]

Dependency Usage

Vite serves as the build tooling foundation for the Nuxt-based frontend application, enabling development server functionality, production builds, and integration of critical plugins including Sentry error tracking and Vuetify component framework. The dependency is configured in the Nuxt configuration with custom SSR settings, build optimizations through manual chunking for performance, and Vue-specific compiler options. While not directly imported in application code, Vite is essential infrastructure that powers the entire frontend development workflow and production bundle generation for this subtitle proxy service.

Changes

Vite introduces two breaking changes: HMR now triggers prune events when imports are removed from non-HMR modules, and the optimizer now correctly handles incompatible dependency errors. The update includes 8 bug fixes addressing HMR for glob patterns with exclusions, SSR asset emission with shared config builds, esbuild helper injection, and improved handling of malformed URLs and virtual module IDs.

References (7)

[1]: Vite dependency upgraded from ^7.1.1 to ^7.1.8 - patch version update within same major version

"vite": "^7.1.1",

[2]: Vite configuration uses standard SSR settings and build options that remain compatible with the new version

[3]: Project uses @sentry/vite-plugin for sourcemaps - plugin maintains compatibility with Vite 7.x versions

sentryVitePlugin({

[4]: @sentry/vite-plugin at version ^4.0.2 is compatible with Vite 7.x according to lockfile resolution

"@sentry/vite-plugin": "^4.0.2",

[5]: Lockfile confirms Vite 7.1.8 successfully resolves with all dependencies and peer requirements satisfied

[6]: HMR prune event fix is an internal improvement that does not break existing code - enhances hot module replacement reliability (source link)

[7]: Official Vite 6 to 7 migration guide confirms breaking changes apply to major version upgrades only - this is a patch update within v7.x (source link)


fossabot analyzed this PR using dependency research.

@kodiakhq kodiakhq bot merged commit 056d358 into dev Oct 2, 2025
7 checks passed
@renovate renovate bot deleted the renovate/vite-7.x-lockfile branch October 2, 2025 08:37