build(deps-dev): Bump vite from 7.1.7 to 7.1.11 #238
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=80&v=4){kind=small}
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.7 to 7.1.11. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.1.11 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
Deploying blinklabs-utxorpc with
|
| Latest commit: |
2cbbeff
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://69586bb2.blinklabs-utxorpc.pages.dev |
| Branch Preview URL: | https://dependabot-npm-and-yarn-vite-488c.blinklabs-utxorpc.pages.dev |
|
|
✓ Safe to upgradeI recommend merging this upgrade because this is a patch-level security update from version 7.1.7 to 7.1.11 that includes 10 bug fixes and 3 new features, with no breaking changes affecting this project. The mentioned breaking changes in the context (HMR prune event and optimizer incompatible error) were fixes introduced in version 7.1.7 that this project has already been using, so they don't affect this upgrade. The security vulnerabilities listed in the analysis either don't apply to vite itself or were already addressed in earlier versions. The project uses TailwindCSS v4 which has full compatibility with Vite 7, and all configuration patterns are standard and supported. The upgrade path is straightforward with no code changes required. What we checked
Dependency UsageVite serves as the foundational build tool and development server for this React-based Cardano wallet transaction application, enabling local development with hot module replacement, production builds with TypeScript compilation and code bundling, and preview deployments. The tool is configured to inject API URL environment variables at build time, enable React plugin support, and run the development server on a specified host and port, supporting the application's core functionality of connecting Cardano wallets and processing blockchain transactions. Beyond the primary configuration file, vite is invoked through multiple npm scripts for development workflows and referenced in type definitions for environment variable typing, making it a critical infrastructure dependency that powers the entire development-to-production pipeline.
This code is configuring a Vite project to use React as a plugin and defining environment variables that will be available at build time. Other Usages (1)These usages were analyzed but no breaking changes were detected: vite
ChangesVite has been upgraded with two breaking changes affecting HMR module pruning and optimizer error handling, along with fixes for glob patterns with exclusions, SSR asset emission, and esbuild helper injection. The update includes improvements to URL handling, WebSocket spelling correction, and support for multiline import.meta.url expressions.
View 69 more changes
References (5)[1]: Vite dependency being upgraded from ^7.1.7 to ^7.1.11 - this is a patch-level update within the same minor version Line 39 in 2cbbeff [2]: Project uses TailwindCSS v4.1.13, which is fully compatible with Vite 7 (the compatibility issue mentioned in context only affects older TailwindCSS Vite plugins, not the modern @tailwindcss/postcss plugin used here) Line 36 in 2cbbeff [3]: Uses @vitejs/plugin-react v5.0.4 which explicitly supports Vite 7 in its peer dependencies (^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0) utxorpc-example/vite.config.ts Line 6 in 2cbbeff [4]: Standard Vite development server configuration with no special flags or experimental features that could be affected by breaking changes Line 7 in 2cbbeff [5]: Configuration uses only stable, documented Vite APIs (defineConfig, plugins, define, build, server) with no deprecated patterns fossabot analyzed this PR using static analysis and dependency research. |
1 participant
Bumps vite from 7.1.7 to 7.1.11.
Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
... (truncated)
Commits
8b69c9erelease: v7.1.11f479cc5fix(dev): trim trailing slash beforeserver.fs.denycheck (#20968)6fb41a2chore(deps): update all non-major dependencies (#20966)a817307build: remove hash from built filenames (#20946)ef411cebuild: remove cjs reference in files field (#20945)d0094afrefactor: use subpath imports for types module reference (#20921)ed4a0dcrelease: v7.1.10c714776fix: preserve original sourcemap file field when combining sourcemaps (#20926)446eb38fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20906)879de86fix(deps): update all non-major dependenciesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)