Deps: bump vite from 7.3.1 to 8.0.0

[dependabot]

Bumps vite from 7.3.1 to 8.0.0.

Release notes

Sourced from vite's releases.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

v8.0.0-beta.15

Please refer to CHANGELOG.md for details.

v8.0.0-beta.14

Please refer to CHANGELOG.md for details.

v8.0.0-beta.13

Please refer to CHANGELOG.md for details.

v8.0.0-beta.12

Please refer to CHANGELOG.md for details.

v8.0.0-beta.11

Please refer to CHANGELOG.md for details.

v8.0.0-beta.10

Please refer to CHANGELOG.md for details.

v8.0.0-beta.9

Please refer to CHANGELOG.md for details.

v8.0.0-beta.8

Please refer to CHANGELOG.md for details.

v8.0.0-beta.7

Please refer to CHANGELOG.md for details.

v8.0.0-beta.6

Please refer to CHANGELOG.md for details.

v8.0.0-beta.5

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.0 (2026-03-12)

Today, we're thrilled to announce the release of the next Vite major:

• Vite 8.0 announcement blog post
• Docs (translations: 简体中文, 日本語, Español, Português, 한국어, Deutsch, فارسی)
• Migration Guide

⚠ BREAKING CHANGES

• remove import.meta.hot.accept resolution fallback (#21382)
• update default browser target (#21193)
• the epic rolldown-vite merge (#21189)

Features

• update rolldown to 1.0.0-rc.9 (#21813) (f05be0e)
• warn when vite-tsconfig-paths plugin is detected (#21781) (ada493e)
• css: support es2025 build target for lightningcss (#21769) (08906e7)
• forward browser console logs and errors to dev server terminal (#20916) (2540ed0)
• update rolldown to 1.0.0-rc.8 (#21790) (a0c950e)
• export Visitor and ESTree from rolldown/utils (#21664) (45de31e)
• update rolldown to 1.0.0-rc.6 (#21714) (37a65f8)
• use util.inspect for CLI error display (#21668) (5f425a9)
• update rolldown to 1.0.0-rc.5 (#21660) (b3ddbc5)
• update rolldown to 1.0.0-rc.4 (#21617) (1ee5c7f)
• wasm: add SSR support for .wasm?init (#21102) (216a3b5)
• integrate devtools (#21331) (acbf507)
• update rolldown to 1.0.0-rc.3 (#21554) (43358e9)
• manifest: add assets field for standalone CSS entry points (#21015) (f289b9b)
• update rolldown to 1.0.0-rc.2 (#21512) (fa136a9)
• bundled-dev: support worker in initial bundle (#21415) (f3d3149)
• dev: detect port conflicts on wildcard hosts (#21381) (b0dd5a9)
• shortcuts case insensitive (#21224) (7796ade)
• update rolldown to 1.0.0-rc.1 (#21463) (ff9dd7f)
• warn if envPrefix contains spaces (#21292) (9fcde3c)
• update rolldown to 1.0.0-beta.60 (#21408) (c33aa7c)
• update rolldown to 1.0.0-beta.59 (#21374) (0037943)
• add ignoreOutdatedRequests option to optimizeDeps (#21364) (b2e75aa)
• add ios to default esbuild targets (#21342) (daae6e9)
• update rolldown to 1.0.0-beta.58 (#21354) (ba40cef)
• update rolldown to 1.0.0-beta.57 (#21335) (d5412ef)
• css: support es2024 build target for lightningcss (#21294) (bd33b8e)
• update rolldown to 1.0.0-beta.56 (#21323) (9847a63)
• introduce v2 native plugins and enable it by default (#21268) (42f2ab3)
• ssr: avoid errors when rewriting already rewritten stacktrace (#21269) (98d9a33)
• update rolldown to 1.0.0-beta.55 (#21300) (2c8db85)
• update rolldown to 1.0.0-beta.54 (#21267) (c751172)

... (truncated)

Commits

• ea68a88 chore(deps): update rolldown-related dependencies (#20810)
• 693d255 release: v7.1.7
• 98a3484 fix(hmr): wait for import.meta.hot.prune callbacks to complete before runni...
• 9f32b1d fix(hmr): trigger prune event when import is removed from non hmr module (#20...
• 9f2247c fix(deps): update all non-major dependencies (#20811)
• 105abe8 fix(glob): handle glob imports from folders starting with dot (#20800)
• 4c4583c fix(build): fix ssr environment emitAssets: true when `sharedConfigBuild: t...
• 9bc9d12 fix(client): use CSP nonce when rendering error overlay (#20791)
• 54377f7 release: v7.1.6
• 88af2ae fix(deps): update all non-major dependencies (#20773)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA fd5c53d.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@emnapi/core	1.9.0	🟢 3.8	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.9.0	🟢 3.8	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads	1.2.0	🟢 3.8	Details Check Score Reason Maintained 🟢 10 17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@napi-rs/wasm-runtime	1.1.1	🟢 5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 1/12 approved changesets -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/runtime	0.115.0	Unknown	Unknown
npm/@oxc-project/types	0.115.0	Unknown	Unknown
npm/@rolldown/binding-android-arm64	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-darwin-arm64	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-darwin-x64	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-freebsd-x64	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-arm-gnueabihf	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-gnu	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-musl	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-ppc64-gnu	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-s390x-gnu	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-x64-gnu	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-linux-x64-musl	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-openharmony-arm64	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-wasm32-wasi	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-win32-arm64-msvc	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/binding-win32-x64-msvc	1.0.0-rc.9	Unknown	Unknown
npm/@rolldown/pluginutils	1.0.0-rc.9	Unknown	Unknown
npm/@tybys/wasm-util	0.10.1	Unknown	Unknown
npm/detect-libc	2.1.2	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 8 binaries present in source code Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/lightningcss	1.32.0	Unknown	Unknown
npm/lightningcss-android-arm64	1.32.0	Unknown	Unknown
npm/lightningcss-darwin-arm64	1.32.0	Unknown	Unknown
npm/lightningcss-darwin-x64	1.32.0	Unknown	Unknown
npm/lightningcss-freebsd-x64	1.32.0	Unknown	Unknown
npm/lightningcss-linux-arm-gnueabihf	1.32.0	Unknown	Unknown
npm/lightningcss-linux-arm64-gnu	1.32.0	Unknown	Unknown
npm/lightningcss-linux-arm64-musl	1.32.0	Unknown	Unknown
npm/lightningcss-linux-x64-gnu	1.32.0	Unknown	Unknown
npm/lightningcss-linux-x64-musl	1.32.0	Unknown	Unknown
npm/lightningcss-win32-arm64-msvc	1.32.0	Unknown	Unknown
npm/lightningcss-win32-x64-msvc	1.32.0	Unknown	Unknown
npm/postcss	8.5.8	🟢 4.6	Details Check Score Reason Maintained 🟢 9 9 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/rolldown	1.0.0-rc.9	Unknown	Unknown
npm/vite	8.0.0	🟢 6.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 4 Found 12/29 approved changesets -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 5 binaries present in source code License 🟢 10 license file detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4

Scanned Files

• package-lock.json