deps(npm): bump vite from 8.0.5 to 8.0.7 in /frontend in the vue-ecosystem group

[dependabot]

Bumps the vue-ecosystem group in /frontend with 1 update: vite.

Updates vite from 8.0.5 to 8.0.7

Release notes

Sourced from vite's releases.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.7 (2026-04-07)

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

• update rolldown to 1.0.0-rc.13 (#22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#22168) (bdc53ab)
• replace remaining prettier script (#22179) (af71fb2)

Commits

• fdb2e6f release: v8.0.7
• 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
• 7b3086f release: v8.0.6
• af71fb2 chore: replace remaining prettier script (#22179)
• 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
• 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
• d5081c2 fix(css): avoid mutating sass error multiple times (#22115)
• 56ec256 perf: early return in getLocalhostAddressIfDiffersFromDNS when DNS order is...
• bdc53ab chore(create-vite): remove unnecessary DOM.Iterable (#22168)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0fe5c83.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@emnapi/core	1.9.1	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 21 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.9.1	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 21 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads	1.2.0	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 21 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/types	0.123.0	Unknown	Unknown
npm/@rolldown/binding-android-arm64	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-darwin-arm64	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-darwin-x64	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-freebsd-x64	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-arm-gnueabihf	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-gnu	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-musl	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-ppc64-gnu	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-s390x-gnu	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-x64-gnu	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-linux-x64-musl	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-openharmony-arm64	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-wasm32-wasi	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-win32-arm64-msvc	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/binding-win32-x64-msvc	1.0.0-rc.13	Unknown	Unknown
npm/@rolldown/pluginutils	1.0.0-rc.13	Unknown	Unknown
npm/rolldown	1.0.0-rc.13	Unknown	Unknown
npm/vite	8.0.7	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 5 Found 12/21 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4

Scanned Files

• frontend/package-lock.json

[github-actions]

Manifest Changes vs v0.1.0-beta.27

base

✅ No changes

debug

✅ No changes

crds

✅ No changes

[github-actions]

📸 UI Screenshots

Captured 22 screenshots (11 light, 11 dark mode)

📥 Download

• View Screenshots Gallery - Download the ui-screenshots artifact
• View Playwright Report - Download the playwright-report artifact

Pages Captured

Page	Light	Dark
Home	✅	✅
Session Browser	✅	✅
Pending Approvals	✅	✅
My Requests	✅	✅
Session Review	✅	✅
Debug Sessions	✅	✅
Create Debug Session	✅	✅
404 Not Found	✅	✅
Mobile Views	✅	✅
Tablet Views	✅	✅

---

Screenshots are generated automatically on each PR that modifies frontend code.

[Copilot]

Pull request overview

This Dependabot PR updates the frontend build toolchain by bumping Vite within the frontend/ workspace, keeping the Vue/Vite ecosystem dependencies current.

Changes:

• Bump vite from ^8.0.5 to ^8.0.7 in frontend/package.json.
• Regenerate frontend/package-lock.json to reflect the updated Vite version and its transitive dependency updates (notably rolldown to 1.0.0-rc.13).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
frontend/package.json	Updates the Vite devDependency version range to ^8.0.7.
frontend/package-lock.json	Updates the resolved Vite package to 8.0.7 and refreshes related transitive dependency versions/integrity hashes.

Files not reviewed (1)

• frontend/package-lock.json: Language not supported

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.72%. Comparing base (c2b918e) to head (0fe5c83).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #636   +/-   ##
=======================================
  Coverage   68.72%   68.72%           
=======================================
  Files         159      159           
  Lines       33620    33620           
=======================================
  Hits        23107    23107           
  Misses       8985     8985           
  Partials     1528     1528           

Flag	Coverage Δ
cli	61.60% <ø> (ø)
controller	71.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.