Bump vite from 6.2.0 to 6.2.3 in /docs #12104

dependabot · 2025-03-25T14:01:38Z

Bumps vite from 6.2.0 to 6.2.3.

Release notes

v6.2.3

Please refer to CHANGELOG.md for details.

v6.2.2

Please refer to CHANGELOG.md for details.

[email protected]

Please refer to CHANGELOG.md for details.

v6.2.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.2.3 (2025-03-24)

fix: fs raw query with query separators (#19702) (f234b57), closes #19702

6.2.2 (2025-03-14)

fix: await client buildStart on top level buildStart (#19624) (b31faab), closes #19624

fix(css): inline css correctly for double quote use strict (#19590) (d0aa833), closes #19590

fix(deps): update all non-major dependencies (#19613) (363d691), closes #19613

fix(indexHtml): ensure correct URL when querying module graph (#19601) (dc5395a), closes #19601

fix(preview): use preview https config, not server (#19633) (98b3160), closes #19633

fix(ssr): use optional chaining to prevent "undefined is not an object" happening in `ssrRewriteStac (4309755), closes #19612

feat: show friendly error for malformed base (#19616) (2476391), closes #19616

feat(worker): show asset filename conflict warning (#19591) (367d968), closes #19591

chore: extend commit hash correctly when ambigious with a non-commit object (#19600) (89a6287), closes #19600

6.2.1 (2025-03-07)

refactor: remove isBuild check from preAliasPlugin (#19587) (c9e086d), closes #19587

refactor: restore endsWith usage (#19554) (6113a96), closes #19554

refactor: use applyToEnvironment in internal plugins (#19588) (f678442), closes #19588

fix(css): stabilize css module hashes with lightningcss in dev mode (#19481) (92125b4), closes #19481

fix(deps): update all non-major dependencies (#19555) (f612e0f), closes #19555

fix(reporter): fix incorrect bundle size calculation with non-ASCII characters (#19561) (437c0ed), closes #19561

fix(sourcemap): combine sourcemaps with multiple sources without matched source (#18971) (e3f6ae1), closes #18971

fix(ssr): named export should overwrite export all (#19534) (2fd2fc1), closes #19534

feat: add *?url&no-inline type and warning for .json?inline / .json?no-inline (#19566) (c0d3667), closes #19566

test: add glob import test case (#19516) (aa1d807), closes #19516

test: convert config playground to unit tests (#19568) (c0e68da), closes #19568

test: convert resolve-config playground to unit tests (#19567) (db5fb48), closes #19567

perf: flush compile cache after 10s (#19537) (6c8a5a2), closes #19537

chore(css): move environment destructuring after condition check (#19492) (c9eda23), closes #19492

chore(html): remove unnecessary value check (#19491) (797959f), closes #19491

Commits

16869d7 release: v6.2.3
f234b57 fix: fs raw query with query separators (#19702)
b12911e release: v6.2.2
98b3160 fix(preview): use preview https config, not server (#19633)
b31faab fix: await client buildStart on top level buildStart (#19624)
dc5395a fix(indexHtml): ensure correct URL when querying module graph (#19601)
2476391 feat: show friendly error for malformed base (#19616)
4309755 fix(ssr): use optional chaining to prevent "undefined is not an object" happe...
363d691 fix(deps): update all non-major dependencies (#19613)
d0aa833 fix(css): inline css correctly for double quote use strict (#19590)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.0 to 6.2.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>

dryrunsecurity · 2025-03-25T14:02:29Z

DryRun Security Summary

A Vite development dependency update to version 6.2.3 was made with a potential Node.js version compatibility risk due to specifying version 22.14.0.

Expand for full summary

PR Summary: Updates Vite development dependency from version 6.2.0 to 6.2.3 in package-lock.json and package.json, with a Node.js version specification of 22.14.0.

Security Findings:
• Potential Node.js Version Compatibility Risk: Specified Node.js version 22.14.0 is very recent/future, which may introduce compatibility or security challenges
• Dependency Version Update: Vite update from 6.2.0 to 6.2.3 suggests potential underlying bug fixes or security patches that should be carefully reviewed

View PR in the DryRun Dashboard.

cneill

We've already bumped dev in #12092 and I'm not sure we strictly need this to land in master right away since I don't think we actually run the vite server for docs, but approving anyway since I don't think it'll hurt

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.0 to 6.2.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.3/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 25, 2025

github-actions bot added the docs label Mar 25, 2025

cneill approved these changes Mar 25, 2025

View reviewed changes

Maffooch approved these changes Mar 25, 2025

View reviewed changes

Maffooch merged commit 8638fa9 into master Mar 25, 2025
77 of 78 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/docs/vite-6.2.3 branch March 25, 2025 18:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump vite from 6.2.0 to 6.2.3 in /docs #12104

Bump vite from 6.2.0 to 6.2.3 in /docs #12104

dependabot bot commented on behalf of github Mar 25, 2025

dryrunsecurity bot commented Mar 25, 2025

cneill left a comment

Bump vite from 6.2.0 to 6.2.3 in /docs #12104

Bump vite from 6.2.0 to 6.2.3 in /docs #12104

Conversation

dependabot bot commented on behalf of github Mar 25, 2025

v6.2.3

v6.2.2

[email protected]

v6.2.1

6.2.3 (2025-03-24)

6.2.2 (2025-03-14)

6.2.1 (2025-03-07)

dryrunsecurity bot commented Mar 25, 2025

DryRun Security Summary

cneill left a comment

Choose a reason for hiding this comment