Skip to content

build(deps-dev): bump vite from 7.3.1 to 8.0.0#1388

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-8.0.0
Closed

build(deps-dev): bump vite from 7.3.1 to 8.0.0#1388
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-8.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 18, 2026

Copy link
Copy Markdown
Contributor

Bumps vite from 7.3.1 to 8.0.0.

Release notes

Sourced from vite's releases.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

v8.0.0-beta.15

Please refer to CHANGELOG.md for details.

v8.0.0-beta.14

Please refer to CHANGELOG.md for details.

v8.0.0-beta.13

Please refer to CHANGELOG.md for details.

v8.0.0-beta.12

Please refer to CHANGELOG.md for details.

v8.0.0-beta.11

Please refer to CHANGELOG.md for details.

v8.0.0-beta.10

Please refer to CHANGELOG.md for details.

v8.0.0-beta.9

Please refer to CHANGELOG.md for details.

v8.0.0-beta.8

Please refer to CHANGELOG.md for details.

v8.0.0-beta.7

Please refer to CHANGELOG.md for details.

v8.0.0-beta.6

Please refer to CHANGELOG.md for details.

v8.0.0-beta.5

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.0 (2026-03-12)

Vite 8 is here!

Today, we're thrilled to announce the release of the next Vite major:

⚠ BREAKING CHANGES

  • remove import.meta.hot.accept resolution fallback (#21382)
  • update default browser target (#21193)
  • the epic rolldown-vite merge (#21189)

Features

... (truncated)

Commits
  • ea68a88 chore(deps): update rolldown-related dependencies (#20810)
  • 693d255 release: v7.1.7
  • 98a3484 fix(hmr): wait for import.meta.hot.prune callbacks to complete before runni...
  • 9f32b1d fix(hmr): trigger prune event when import is removed from non hmr module (#20...
  • 9f2247c fix(deps): update all non-major dependencies (#20811)
  • 105abe8 fix(glob): handle glob imports from folders starting with dot (#20800)
  • 4c4583c fix(build): fix ssr environment emitAssets: true when `sharedConfigBuild: t...
  • 9bc9d12 fix(client): use CSP nonce when rendering error overlay (#20791)
  • 54377f7 release: v7.1.6
  • 88af2ae fix(deps): update all non-major dependencies (#20773)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@vercel

vercel Bot commented Mar 18, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
pdfme-playground Ignored Ignored Mar 20, 2026 3:47am

Request Review

@greptile-apps

greptile-apps Bot commented Mar 18, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This is an automated Dependabot PR bumping vite from 7.3.1 to 8.0.0 in packages/ui. Vite 8 is a major release that replaces rollup with rolldown as its bundler and upgrades the minimum supported Node.js version to ^20.19.0 || >=22.12.0.

Key changes pulled in by Vite 8:

  • rolldown 1.0.0-rc.9 replaces rollup as the underlying bundler (numerous new optional platform binaries added to the lock file)
  • lightningcss 1.32.0 added as a bundled dependency
  • @oxc-project/runtime 0.115.0 and @oxc-project/types 0.115.0 added
  • postcss bumped from 8.5.6 → 8.5.8

Issues worth addressing before merging:

  • The CI matrix (node-version: [20.x]) should ideally be pinned to >=20.19.0 to make the hard engine requirement explicit and enforceable
  • vite-tsconfig-paths is now flagged by Vite 8 with a deprecation warning (built-in TS path resolution replaces it); the plugin and its dependency should be removed from vite.config.mts and package.json
  • rollup remains listed as a devDependency even though Vite 8 no longer uses it (it now uses rolldown); it can be removed to reduce confusion

Confidence Score: 3/5

  • Functional build risk is low, but three clean-up items should be addressed: the vite-tsconfig-paths deprecation warning, the redundant rollup devDependency, and explicit Node.js version pinning in CI.
  • Vite 8 is a major version bump with real breaking changes (Node.js engine floor, rolldown replacing rollup, vite-tsconfig-paths warning). The lock file looks consistent, and the change is dev-only so it doesn't affect the published package. However, the retained vite-tsconfig-paths plugin will emit warnings on every build, the stale rollup devDependency adds confusion, and the CI Node version constraint is loose enough to technically allow a sub-20.19.0 run.
  • packages/ui/package.json — needs rollup removal, vite-tsconfig-paths removal, and CI Node version alignment; packages/ui/vite.config.mtstsconfigPaths() plugin usage should be removed.

Important Files Changed

Filename Overview
packages/ui/package.json Bumps vite from ^7.3.1 to ^8.0.0; Vite 8 raises the Node.js engine requirement to `^20.19.0
package-lock.json Lock file correctly reflects vite 8.0.0 installation under packages/ui/node_modules/vite with its new transitive deps: rolldown 1.0.0-rc.9, lightningcss 1.32.0, @oxc-project/runtime 0.115.0; postcss bumped from 8.5.6 to 8.5.8.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[packages/ui build] --> B[vite 8.0.0]
    B --> C[rolldown 1.0.0-rc.9\nreplaces rollup]
    B --> D[lightningcss 1.32.0\nnew CSS processor]
    B --> E[oxc-project runtime 0.115.0\nnew JS toolchain]
    B --> F{Node.js engine check}
    F -->|"^20.19.0 or >=22.12.0"| G[Build succeeds]
    F -->|"< 20.19.0 e.g. Node 18.x"| H[Build fails]
    B --> I[vite-tsconfig-paths detected]
    I --> J[Deprecation warning emitted\nVite 8 has built-in TS path support]
    C --> K[Platform binaries installed\ndarwin, linux, win32, android...]
Loading

Last reviewed commit: "build(deps-dev): bum..."

Comment thread packages/ui/package.json Outdated
"process": "^0.11.10",
"rollup": "^4.59.0",
"vite": "^7.3.1",
"vite": "^8.0.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Vite 8 raises minimum Node.js version to ^20.19.0 || >=22.12.0

Vite 8 (via its bundled rolldown and @oxc-project/runtime dependencies) enforces a strict engine requirement of ^20.19.0 || >=22.12.0. This is a significant step up from Vite 7, which supported older Node.js releases.

The CI workflow (.github/workflows/test.yml) currently uses node-version: [20.x], which resolves to the latest 20.x patch on the runner. As of the time of this PR that should be ≥ 20.19.0, so CI itself is likely fine — but any developer or deployment environment still on Node 18.x or Node 20.0.0–20.18.x will fail to install/run Vite 8. It would be worth documenting this new requirement in the project's contributing guide or README, and considering pinning the CI matrix to 20.19.x (or 22.x) explicitly to make the minimum version requirement clear and enforceable.

Comment thread packages/ui/package.json
@@ -73,7 +73,7 @@
"postcss": "^8.5.6",
"process": "^0.11.10",
"rollup": "^4.59.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 rollup devDependency is now redundant with Vite 8

Vite 8 replaces rollup with rolldown as its underlying bundler. The lock file confirms rollup is now marked as "peer": true (a peer dependency of the old vite 7 entry) rather than a direct runtime dependency of Vite 8. Keeping "rollup": "^4.59.0" as a devDependency in this package is likely dead weight and could cause confusion about which bundler is actually in use. Consider removing it unless another tool in the build pipeline explicitly requires it.

Suggested change
"rollup": "^4.59.0",
"vite": "^8.0.0",

Comment thread packages/ui/package.json
"vite": "^7.3.1",
"vite": "^8.0.0",
"vite-plugin-css-injected-by-js": "^4.0.1",
"vite-tsconfig-paths": "^6.1.1"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Vite 8 warns about vite-tsconfig-paths

The Vite 8 changelog explicitly calls out a new warning: "warn when vite-tsconfig-paths plugin is detected" (see #21781). This is because Vite 8 now natively resolves TypeScript paths from tsconfig.json, making the plugin redundant.

vite-tsconfig-paths is used in packages/ui/vite.config.mts:

import tsconfigPaths from 'vite-tsconfig-paths';
// ...
plugins: [react(), tsconfigPaths({ root: '.' }), cssInjectedByJsPlugin()],

Every Vite build or dev-server start will now emit a deprecation warning. It is worth removing the vite-tsconfig-paths dependency and its usage from the vite config and relying on Vite 8's built-in path resolution instead.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.0 branch 2 times, most recently from 538cd07 to 69dccf7 Compare March 18, 2026 01:32
@dosubot dosubot Bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Mar 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.0 branch 2 times, most recently from ba45732 to 8225f8b Compare March 20, 2026 03:35
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-8.0.0 branch from 8225f8b to 5aa8fa3 Compare March 20, 2026 03:47
@dependabot @github

dependabot Bot commented on behalf of github Apr 1, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #1408.

@dependabot dependabot Bot closed this Apr 1, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/vite-8.0.0 branch April 1, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies npm size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants