chore(deps): update dependency vite to v8

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
vite (source)	2.9.10 → 8.0.0

---

Release Notes

vitejs/vite (vite)

v8.0.0

Compare Source

Features

• update rolldown to 1.0.0-rc.9 (#​21813) (f05be0e)
• warn when vite-tsconfig-paths plugin is detected (#​21781) (ada493e)

Bug Fixes

• deps: update all non-major dependencies (#​21786) (eaa4352)

v7.3.1

Compare Source

Please refer to CHANGELOG.md for details.

v7.3.0

Compare Source

Please refer to CHANGELOG.md for details.

v7.2.7

Compare Source

v7.2.6

Compare Source

7.2.6 (2025-12-01)

v7.2.4

Compare Source

Bug Fixes

• revert "perf(deps): replace debug with obug (#​21107)" (2d66b7b)

v7.2.3

Compare Source

Bug Fixes

• allow multiple bindCLIShortcuts calls with shortcut merging (#​21103) (5909efd)
• deps: update all non-major dependencies (#​21096) (6a34ac3)
• deps: update all non-major dependencies (#​21128) (4f8171e)

Performance Improvements

• deps: replace debug with obug (#​21107) (acfe939)

Miscellaneous Chores

• deps: update dependency @​rollup/plugin-commonjs to v29 (#​21099) (02ceaec)
• deps: update rolldown-related dependencies (#​21095) (39a0a15)
• deps: update rolldown-related dependencies (#​21127) (5029720)

v7.2.2

Compare Source

Bug Fixes

• revert "refactor: use fs.cpSync (#​21019)" (#​21081) (728c8ee)

v7.2.1

Compare Source

Bug Fixes

• worker: some worker asset was missing (#​21074) (82d2d6c)

Code Refactoring

• build: rename indexOfMatchInSlice to findPreloadMarker (#​21054) (f83264f)

v7.2.0

Compare Source

Bug Fixes

• css: fallback to sass when sass-embedded platform binary is missing (#​21002) (b1fd616)
• module-runner: make getBuiltins response JSON serializable (#​21029) (ad5b3bf)
• types: add undefined to optional properties for exactOptionalProperties type compatibility (#​21040) (2833c55)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​21047) (e3a6a83)

v7.1.12

Compare Source

Please refer to CHANGELOG.md for details.

v7.1.11

Compare Source

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#​20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#​20966) (6fb41a2)

Code Refactoring

• use subpath imports for types module reference (#​20921) (d0094af)

Build System

• remove cjs reference in files field (#​20945) (ef411ce)
• remove hash from built filenames (#​20946) (a817307)

v7.1.10

Compare Source

Bug Fixes

• css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#​20767) (3a92bc7)
• css: respect emitAssets when cssCodeSplit=false (#​20883) (d3e7eee)
• deps: update all non-major dependencies (879de86)
• deps: update all non-major dependencies (#​20894) (3213f90)
• dev: allow aliases starting with // (#​20760) (b95fa2a)
• dev: remove timestamp query consistently (#​20887) (6537d15)
• esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#​20906) (446eb38)
• normalize path before calling fileToBuiltUrl (#​20898) (73b6d24)
• preserve original sourcemap file field when combining sourcemaps (#​20926) (c714776)

Documentation

• correct WebSocket spelling (#​20890) (29e98dc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20923) (a5e3b06)

v7.1.9

Compare Source

Reverts

• server: drain stdin when not interactive (#​20885) (12d72b0)

v7.1.8

Compare Source

Bug Fixes

• css: improve url escape characters handling (#​20847) (24a61a3)
• deps: update all non-major dependencies (#​20855) (788a183)
• deps: update artichokie to 0.4.2 (#​20864) (e670799)
• dev: skip JS responses for document requests (#​20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#​20872) (63e040f)
• keep ids for virtual modules as-is (#​20808) (d4eca98)
• server: drain stdin when not interactive (#​20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#​20830) (d65a983)

Documentation

• create-vite: provide deno example (#​20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20810) (ea68a88)
• deps: update rolldown-related dependencies (#​20854) (4dd06fd)
• update url of create-react-app license (#​20865) (166a178)

v7.1.7

Compare Source

Bug Fixes

• build: fix ssr environment emitAssets: true when sharedConfigBuild: true (#​20787) (4c4583c)
• client: use CSP nonce when rendering error overlay (#​20791) (9bc9d12)
• deps: update all non-major dependencies (#​20811) (9f2247c)
• glob: handle glob imports from folders starting with dot (#​20800) (105abe8)
• hmr: trigger prune event when import is removed from non hmr module (#​20768) (9f32b1d)
• hmr: wait for import.meta.hot.prune callbacks to complete before running other HMRs (#​20698) (98a3484)

v7.1.6

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​20773) (88af2ae)
• esbuild: inject esbuild helper functions with minified $ variables correctly (#​20761) (7e8e004)
• fallback terser to main thread when nameCache is provided (#​20750) (a679a64)
• types: strict env typings fail when skipLibCheck is false (#​20755) (cc54e29)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20675) (a67bb5f)
• deps: update rolldown-related dependencies (#​20772) (d785e72)

v7.1.5

Compare Source

Bug Fixes

• apply fs.strict check to HTML files (#​20736) (14015d7)
• deps: update all non-major dependencies (#​20732) (122bfba)
• upgrade sirv to 3.0.2 (#​20735) (09f2b52)

v7.1.4

Compare Source

Bug Fixes

• add missing awaits (#​20697) (79d10ed)
• deps: update all non-major dependencies (#​20676) (5a274b2)
• deps: update all non-major dependencies (#​20709) (0401feb)
• pass rollup watch options when building in watch mode (#​20674) (f367453)

Miscellaneous Chores

• remove unused constants entry from rolldown.config.ts (#​20710) (537fcf9)

Code Refactoring

• remove unnecessary minify parameter from finalizeCss (#​20701) (8099582)

v7.1.3

Compare Source

Features

• cli: add Node.js version warning for unsupported versions (#​20638) (a1be1bf)
• generate code frame for parse errors thrown by terser (#​20642) (a9ba017)
• support long lines in generateCodeFrame (#​20640) (1559577)

Bug Fixes

• deps: update all non-major dependencies (#​20634) (4851cab)
• optimizer: incorrect incompatible error (#​20439) (446fe83)
• support multiline new URL(..., import.meta.url) expressions (#​20644) (9ccf142)

Performance Improvements

• cli: dynamically import resolveConfig (#​20646) (f691f57)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20633) (98b92e8)

Code Refactoring

• replace startsWith with strict equality (#​20603) (42816de)
• use import in worker threads (#​20641) (530687a)

Tests

• remove checkNodeVersion test (#​20647) (731d3e6)

v7.1.2

Compare Source

Bug Fixes

• client: add [vite] prefixes to debug logs (#​20595) (7cdef61)
• config: make debugger work with bundle loader (#​20573) (c583927)
• deps: update all non-major dependencies (#​20587) (20d4817)
• don't consider ids with npm: prefix as a built-in module (#​20558) (ab33803)
• hmr: watch non-inlined assets referenced by CSS (#​20581) (b7d494b)
• module-runner: prevent crash when sourceMappingURL pattern appears in string literals (#​20554) (2770478)

Miscellaneous Chores

• deps: migrate to @jridgewell/remapping from @ampproject/remapping (#​20577) (0a6048a)
• deps: update rolldown-related dependencies (#​20586) (77632c5)

v7.1.1

Compare Source

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#​20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#​20966) (6fb41a2)

Code Refactoring

• use subpath imports for types module reference (#​20921) (d0094af)

Build System

• remove cjs reference in files field (#​20945) (ef411ce)
• remove hash from built filenames (#​20946) (a817307)

v7.1.0

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)
• add import.meta.main support in config (bundle config loader) (#​20516) (5d3e3c2)
• optimizer: improve dependency optimization error messages with esbuild formatMessages (#​20525) (d17cfed)
• ssr: add import.meta.main support for Node.js module runner (#​20517) (794a8f2)
• add future: 'warn' (#​20473) (e6aaf17)
• add removeServerPluginContainer future deprecation (#​20437) (c1279e7)
• add removeServerReloadModule future deprecation (#​20436) (6970d17)
• add server.warmupRequest to future deprecation (#​20431) (8ad388a)
• add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#​20435) (8c8f587)
• client: ping from SharedWorker (#​19057) (5c97c22)
• dev: add this.fs support (#​20301) (0fe3f2f)
• export defaultExternalConditions (#​20279) (344d302)
• implement removePluginHookSsrArgument future deprecation (#​20433) (95927d9)
• implement removeServerHot future deprecation (#​20434) (259f45d)
• resolve server URLs before calling other listeners (#​19981) (45f6443)
• ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#​20409) (c669c52)
• ssr: support import.meta.resolve in module runner (#​20260) (62835f7)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)
• asset: only watch existing files for new URL(, import.meta.url) (#​20507) (1b211fd)
• client: keep ping on WS constructor error (#​20512) (3676da5)
• deps: update all non-major dependencies (#​20537) (fc9a9d3)
• don't resolve as relative for specifiers starting with a dot (#​20528) (c5a10ec)
• html: allow control character in input stream (#​20483) (c12a4a7)
• merge old and new noExternal: true correctly (#​20502) (9ebe4a5)
• deps: update all non-major dependencies (#​20489) (f6aa04a)
• dev: denied requests overly (#​20410) (4be5270)
• hmr: register css deps as type: asset (#​20391) (7eac8dd)
• optimizer: discover correct jsx runtime during scan (#​20495) (10d48bb)
• preview: set correct host for resolvedUrls (#​20496) (62b3e0d)
• worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#​20460) (8033e5b)

Performance Improvements

• client: reduce reload debounce (#​20429) (22ad43b)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20536) (8be2787)
• deps: update dependency parse5 to v8 (#​20490) (744582d)
• format (f20addc)
• stablize cssScopeTo (#​19592) (ced1343)

Code Refactoring

• use hook filters in the worker plugin (#​20527) (958cdf2)
• extract prepareOutDir as a plugin (#​20373) (2c4af1f)
• extract resolve rollup options (#​20375) (61a9778)
• rewrite openchrome.applescript to JXA (#​20424) (7979f9d)
• use http-proxy-3 (#​20402) (26d9872)
• use hook filters in internal plugins (#​20358) (f19c4d7)
• use hook filters in internal resolve plugin (#​20480) (acd2a13)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

See 7.1.0-beta.1 changelog

7.1.0-beta.0 (2025-07-30)

See 7.1.0-beta.0 changelog

v7.0.8

Compare Source

Please refer to CHANGELOG.md for details.

v7.0.7

Compare Source

Please refer to CHANGELOG.md for details.

v7.0.6

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)
• add import.meta.main support in config (bundle config loader) (#​20516) (5d3e3c2)
• optimizer: improve dependency optimization error messages with esbuild formatMessages (#​20525) (d17cfed)
• ssr: add import.meta.main support for Node.js module runner (#​20517) (794a8f2)
• add future: 'warn' (#​20473) (e6aaf17)
• add removeServerPluginContainer future deprecation (#​20437) (c1279e7)
• add removeServerReloadModule future deprecation (#​20436) (6970d17)
• add server.warmupRequest to future deprecation (#​20431) (8ad388a)
• add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#​20435) (8c8f587)
• client: ping from SharedWorker (#​19057) (5c97c22)
• dev: add this.fs support (#​20301) (0fe3f2f)
• export defaultExternalConditions (#​20279) (344d302)
• implement removePluginHookSsrArgument future deprecation (#​20433) (95927d9)
• implement removeServerHot future deprecation (#​20434) (259f45d)
• resolve server URLs before calling other listeners (#​19981) (45f6443)
• ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#​20409) (c669c52)
• ssr: support import.meta.resolve in module runner (#​20260) (62835f7)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)
• asset: only watch existing files for new URL(, import.meta.url) (#​20507) (1b211fd)
• client: keep ping on WS constructor error (#​20512) (3676da5)
• deps: update all non-major dependencies (#​20537) (fc9a9d3)
• don't resolve as relative for specifiers starting with a dot (#​20528) (c5a10ec)
• html: allow control character in input stream (#​20483) (c12a4a7)
• merge old and new noExternal: true correctly (#​20502) (9ebe4a5)
• deps: update all non-major dependencies (#​20489) (f6aa04a)
• dev: denied requests overly (#​20410) (4be5270)
• hmr: register css deps as type: asset (#​20391) (7eac8dd)
• optimizer: discover correct jsx runtime during scan (#​20495) (10d48bb)
• preview: set correct host for resolvedUrls (#​20496) (62b3e0d)
• worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#​20460) (8033e5b)

Performance Improvements

• client: reduce reload debounce (#​20429) (22ad43b)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20536) (8be2787)
• deps: update dependency parse5 to v8 (#​20490) (744582d)
• format (f20addc)
• stablize cssScopeTo (#​19592) (ced1343)

Code Refactoring

• use hook filters in the worker plugin (#​20527) (958cdf2)
• extract prepareOutDir as a plugin (#​20373) (2c4af1f)
• extract resolve rollup options (#​20375) (61a9778)
• rewrite openchrome.applescript to JXA (#​20424) (7979f9d)
• use http-proxy-3 (#​20402) (26d9872)
• use hook filters in internal plugins (#​20358) (f19c4d7)
• use hook filters in internal resolve plugin (#​20480) (acd2a13)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

See 7.1.0-beta.1 changelog

7.1.0-beta.0 (2025-07-30)

See 7.1.0-beta.0 changelog

v7.0.5

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​20406) (1a1cc8a)
• remove special handling for Accept: text/html (#​20376) (c9614b9)
• watch assets referenced by new URL(, import.meta.url) (#​20382) (6bc8bf6)

Miscellaneous Chores

• deps: update dependency rolldown to ^1.0.0-beta.27 (#​20405) (1165667)

Code Refactoring

• use foo.endsWith("bar") instead of /bar$/.test(foo) (#​20413) (862e192)

v7.0.4

Compare Source

Bug Fixes

• allow resolving bare specifiers to relative paths for entries (#​20379) (324669c)

Build System

• remove @oxc-project/runtime devDep (#​20389) (5e29602)

v7.0.3

Compare Source

Bug Fixes

• client: protect against window being defined but addEv undefined (#​20359) (31d1467)
• define: replace optional values (#​20338) (9465ae1)
• deps: update all non-major dependencies (#​20366) (43ac73d)

Miscellaneous Chores

• deps: update dependency dotenv to v17 (#​20325) (45040d4)
• deps: update dependency rolldown to ^1.0.0-beta.24 (#​20365) (5ab25e7)
• use n/prefer-node-protocol rule (#​20368) (38bb268)

Code Refactoring

• minor changes to reduce diff between normal Vite and rolldown-vite (#​20354) (2e8050e)

v7.0.2

Compare Source

Bug Fixes

• css: resolve relative paths in sass, revert #​20300 (#​20349) (db8bd41)

v7.0.1

Compare Source

Bug Fixes

• css: skip resolving resolved paths in sass (#​20300) (ac528a4)
• deps: update all non-major dependencies (#​20324) (3e81af3)
• types: add a global interface for Worker (#​20243) (37bdfc1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20323) (30d2f1b)
• fix typos and grammatical errors across documentation and comments (#​20337) (c1c951d)
• group commits by category in changelog (#​20310) (41e83f6)
• rearrange 7.0 changelog (#​20280) (eafd28a)

v7.0.0

[Compare Source](https:

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8afe3eb

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
vite-react-seo-demo	Error		Mar 12, 2026 6:53pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​2.9.10 ⏵ 8.0.0	+1	+35

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package.json → npm/vite@8.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[cloudflare-workers-and-pages]

Deploying vite-react-seo-demo with    Cloudflare Pages

Latest commit:	8afe3eb
Status:	🚫  Build failed.

View logs