chore(deps-dev): bump vite from 7.3.2 to 8.0.16 by dependabot[bot] · Pull Request #8066 · monkeytypegame/monkeytype

dependabot · 2026-06-05T20:04:51Z

Bumps vite from 7.3.2 to 8.0.16.

Release notes

v8.0.16

Please refer to CHANGELOG.md for details.

v8.0.15

Please refer to CHANGELOG.md for details.

v8.0.14

Please refer to CHANGELOG.md for details.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.16 (2026-06-01)

Bug Fixes

deps: reject UNC paths for launch-editor-middleware (#22571) (50b9512)

reject windows alternate paths (#22572) (dc245c7)

8.0.15 (2026-06-01)

Features

send 408 on request timeout (#22476) (c85c9ee)

update rolldown to 1.0.3 (#22538) (646dbed)

Bug Fixes

capitalize error messages and remove spurious space in parse error (#22488) (85a0eff)

deps: update all non-major dependencies (#22511) (2686d7d)

dev: fix html-proxy cache key mismatch for /@fs/ HTML paths (#21762) (47c4213)

glob: error on relative glob in virtual module when no files match (#22497) (5c8e98f)

optimizer: close the rolldown bundle when write() rejects (#22528) (e3cfb9d)

resolve: provide onWarn for viteResolvePlugin in JS plugin containers (#22509) (40985f1)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22566) (3052a67)

Code Refactoring

correct logic in collectAllModules function (#22562) (6978a9c)

8.0.14 (2026-05-21)

Features

update rolldown to 1.0.2 (#22484) (96efc88)

Bug Fixes

deps: update all non-major dependencies (#22471) (98b8163)

dev: handle errors when sending messages to vite server (#22450) (e8e9a34)

html: handle trailing slash paths in transformIndexHtml (#22480) (5d94d1b)

optimizer: pass oxc jsx options to transformSync in dependency scan (#22342) (b3132da)

Miscellaneous Chores

deps: update rolldown-related dependencies (#22470) (7cb728e)

remove irrelevant commits from changelog (2c69495)

Code Refactoring

glob: do not rewrite import path for absolute base (#22310) (0ae2844)

... (truncated)

Commits

f94df87 release: v8.0.16
dc245c7 fix: reject windows alternate paths (#22572)
50b9512 fix(deps): reject UNC paths for launch-editor-middleware (#22571)
8d1b019 release: v8.0.15
2686d7d fix(deps): update all non-major dependencies (#22511)
3052a67 chore(deps): update rolldown-related dependencies (#22566)
e3cfb9d fix(optimizer): close the rolldown bundle when write() rejects (#22528)
6978a9c refactor: correct logic in collectAllModules function (#22562)
646dbed feat: update rolldown to 1.0.3 (#22538)
85a0eff fix: capitalize error messages and remove spurious space in parse error (#22488)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 8.0.16. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.16 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-06-05T20:05:45Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@types/mjml@4.7.4
	@types/damerau-levenshtein@1.0.2
	@types/subset-font@1.4.3
	@types/uuid@10.0.0
	@types/readline-sync@1.4.8
	@tanstack/solid-hotkeys-devtools@0.6.6
	@tanstack/solid-query-devtools@5.100.3
	@types/throttle-debounce@5.0.2
	@tanstack/solid-db@0.2.21
	@types/express@5.0.3
	@types/object-hash@3.0.6
	@types/cron@1.7.3
	@types/supertest@6.0.3
	@types/ua-parser-js@0.7.36
	@types/bcrypt@5.0.2
	@sentry/browser@10.44.0
	@types/canvas-confetti@1.9.0
	@types/swagger-stats@0.95.11
	@tanstack/solid-table@8.21.3
	@types/howler@2.2.7
	@tanstack/query-db-collection@1.0.38
	@types/mustache@4.2.2
	@types/chartjs-plugin-trendline@1.0.1
	@tanstack/eslint-plugin-query@5.100.3
	balloon-css@1.2.0
	@storybook/addon-vitest@10.2.16
	@types/ioredis@4.28.10
	@types/nodemailer@8.0.0
	@redocly/cli@2.24.1
	@tanstack/solid-devtools@0.8.2
	@tanstack/solid-hotkeys@0.10.0
	@storybook/addon-a11y@10.2.16
	@vitest/browser@4.1.6
See 27 more rows in the dashboard

View full report

socket-security · 2026-06-05T20:05:48Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Critical CVE: Vitest browser mode serves unsanitized otelCarrier query parameter as inline script in npm `@vitest/browser` CVE: GHSA-2h32-95rg-cppp Vitest browser mode serves unsanitized otelCarrier query parameter as inline script (CRITICAL) Affected versions: >= 4.0.17 < 4.1.6; >= 5.0.0-beta.0 < 5.0.0-beta.3 Patched version: 4.1.6 From: pnpm-lock.yaml → `npm/@vitest/browser-playwright@4.0.18` → `npm/@vitest/browser@4.0.18` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@vitest/browser@4.0.18`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 5, 2026

monkeytypegeorge added the frontend User interface or web stuff label Jun 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps-dev): bump vite from 7.3.2 to 8.0.16#8066

chore(deps-dev): bump vite from 7.3.2 to 8.0.16#8066
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/vite-8.0.16

dependabot Bot commented on behalf of github Jun 5, 2026

Uh oh!

socket-security Bot commented Jun 5, 2026

Uh oh!

socket-security Bot commented Jun 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 5, 2026

v8.0.16

v8.0.15

v8.0.14

v8.0.13

v8.0.12

v8.0.11

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

8.0.16 (2026-06-01)

Bug Fixes

8.0.15 (2026-06-01)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

8.0.14 (2026-05-21)

Features

Bug Fixes

Miscellaneous Chores

Code Refactoring

Uh oh!

socket-security Bot commented Jun 5, 2026

Uh oh!

socket-security Bot commented Jun 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant