Skip to content

chore(deps): bump the npm_and_yarn group across 37 directories with 6 updates#1

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/apps/ai-content-generator/npm_and_yarn-1954ba46e8
Open

chore(deps): bump the npm_and_yarn group across 37 directories with 6 updates#1
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/apps/ai-content-generator/npm_and_yarn-1954ba46e8

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Sep 11, 2025

Bumps the npm_and_yarn group with 2 updates in the /apps/ai-content-generator directory: vite and @vitejs/plugin-react.
Bumps the npm_and_yarn group with 1 update in the /apps/ai-image-generator/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/ai-image-tagging/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/aws-amplify directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /apps/bedrock-content-generator directory: vite and @vitejs/plugin-react.
Bumps the npm_and_yarn group with 1 update in the /apps/brandfolder directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/braze directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/color-picker directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/commercetools directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/dropbox directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/frontify directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/gatsby directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/google-analytics-4/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/graphql-playground directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/graphql-playground-v2 directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/image-focal-point directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /apps/jira/functions directory: tmp and inquirer.
Bumps the npm_and_yarn group with 1 update in the /apps/jira/jira-app directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/json-viewer directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/microsoft-teams/app-actions directory: sha.js.
Bumps the npm_and_yarn group with 2 updates in the /apps/microsoft-teams/frontend directory: vite and @vitejs/plugin-react.
Bumps the npm_and_yarn group with 1 update in the /apps/mux/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/netlify/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/optimizely directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/saleor directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/salesforce-commerce-cloud directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/sap-commerce-cloud/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/side-notes-app directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /apps/slack/lambda directory: tmp and inquirer.
Bumps the npm_and_yarn group with 1 update in the /apps/smartling/frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /apps/typeform/frontend directory: vite.
Bumps the npm_and_yarn group with 2 updates in the /apps/vercel/frontend directory: vite and @vitejs/plugin-react.
Bumps the npm_and_yarn group with 1 update in the /apps/wistia-videos directory: vite.
Bumps the npm_and_yarn group with 1 update in the /examples/last-fm directory: vite.
Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/remix directory: vite.
Bumps the npm_and_yarn group with 1 update in the /packages/ecommerce-app-base directory: vite.

Updates vite from 4.5.14 to 7.1.5

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

7.1.4 (2025-09-01)

Bug Fixes

Miscellaneous Chores

  • remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

  • remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

  • cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
  • generate code frame for parse errors thrown by terser (#20642) (a9ba017)
  • support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

  • deps: update all non-major dependencies (#20634) (4851cab)
  • optimizer: incorrect incompatible error (#20439) (446fe83)
  • support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.


Updates @vitejs/plugin-react from 4.0.4 to 4.7.0

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@4.7.0

Add HMR support for compound components (#518)

HMR now works for compound components like this:

const Root = () => <div>Accordion Root</div>
const Item = () => <div>Accordion Item</div>
export const Accordion = { Root, Item }

Return Plugin[] instead of PluginOption[] (#537)

The return type has changed from react(): PluginOption[] to more specialized type react(): Plugin[]. This allows for type-safe manipulation of plugins, for example:

// previously this causes type errors
react({ babel: { plugins: ['babel-plugin-react-compiler'] } })
  .map(p => ({ ...p, applyToEnvironment: e => e.name === 'client' }))

plugin-react@4.6.0

Add raw Rolldown support

This plugin only worked with Vite. But now it can also be used with raw Rolldown. The main purpose for using this plugin with Rolldown is to use react compiler.

plugin-react@4.5.2

Suggest @vitejs/plugin-react-oxc if rolldown-vite is detected #491

Emit a log which recommends @vitejs/plugin-react-oxc when rolldown-vite is detected to improve performance and use Oxc under the hood. The warning can be disabled by setting disableOxcRecommendation: false in the plugin options.

Use optimizeDeps.rollupOptions instead of optimizeDeps.esbuildOptions for rolldown-vite #489

This suppresses the warning about optimizeDeps.esbuildOptions being deprecated in rolldown-vite.

Add Vite 7-beta to peerDependencies range #497

React plugins are compatible with Vite 7, this removes the warning when testing the beta.

plugin-react@4.5.1

Add explicit semicolon in preambleCode #485

This fixes an edge case when using HTML minifiers that strips line breaks aggressively.

plugin-react@4.5.0

Add filter for rolldown-vite #470

Added filter so that it is more performant when running this plugin with rolldown-powered version of Vite.

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

4.7.0 (2025-07-18)

Add HMR support for compound components (#518)

HMR now works for compound components like this:

const Root = () => <div>Accordion Root</div>
const Item = () => <div>Accordion Item</div>
export const Accordion = { Root, Item }

Return Plugin[] instead of PluginOption[] (#537)

The return type has changed from react(): PluginOption[] to more specialized type react(): Plugin[]. This allows for type-safe manipulation of plugins, for example:

// previously this causes type errors
react({ babel: { plugins: ['babel-plugin-react-compiler'] } })
  .map(p => ({ ...p, applyToEnvironment: e => e.name === 'client' }))

4.6.0 (2025-06-23)

Add raw Rolldown support

This plugin only worked with Vite. But now it can also be used with raw Rolldown. The main purpose for using this plugin with Rolldown is to use react compiler.

4.5.2 (2025-06-10)

Suggest @vitejs/plugin-react-oxc if rolldown-vite is detected #491

Emit a log which recommends @vitejs/plugin-react-oxc when rolldown-vite is detected to improve performance and use Oxc under the hood. The warning can be disabled by setting disableOxcRecommendation: true in the plugin options.

Use optimizeDeps.rollupOptions instead of optimizeDeps.esbuildOptions for rolldown-vite #489

This suppresses the warning about optimizeDeps.esbuildOptions being deprecated in rolldown-vite.

Add Vite 7-beta to peerDependencies range #497

React plugins are compatible with Vite 7, this removes the warning when testing the beta.

4.5.1 (2025-06-03)

Add explicit semicolon in preambleCode #485

This fixes an edge case when using HTML minifiers that strips line breaks aggressively.

4.5.0 (2025-05-23)

... (truncated)

Commits
  • 8041706 release: plugin-react@4.7.0
  • bbfd1b7 chore: update changelog for #537
  • fdc9d9a feat: add hmr support for compound components (#518)
  • d14f31d fix(deps): update all non-major dependencies (#568)
  • 22be17f build: use tsdown for plugin-react / plugin-react-oxc (#554)
  • 840f0b1 chore(deps): update prettier (#556)
  • cfe2912 fix(deps): update all non-major dependencies (#540)
  • 11f56d6 fix: return Plugin[] instead of PluginOption[] (#537)
  • 9da5e19 fix(deps): update all non-major dependencies (#519)
  • 1583c5d chore: remove Vite 7 beta from supported range (#517)
  • Additional commits viewable in compare view

Updates vite from 5.4.19 to 5.4.20

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

7.1.4 (2025-09-01)

Bug Fixes

Miscellaneous Chores

  • remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

  • remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

  • cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
  • generate code frame for parse errors thrown by terser (#20642) (a9ba017)
  • support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

  • deps: update all non-major dependencies (#20634) (4851cab)
  • optimizer: incorrect incompatible error (#20439) (446fe83)
  • support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.


Updates vite from 5.4.19 to 5.4.20

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

7.1.4 (2025-09-01)

Bug Fixes

Miscellaneous Chores

  • remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

  • remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

  • cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
  • generate code frame for parse errors thrown by terser (#20642) (a9ba017)
  • support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

  • deps: update all non-major dependencies (#20634) (4851cab)
  • optimizer: incorrect incompatible error (#20439) (446fe83)
  • support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.


Updates vite from 5.4.19 to 5.4.20

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

7.1.4 (2025-09-01)

Bug Fixes

Miscellaneous Chores

  • remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

  • remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

  • cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
  • generate code frame for parse errors thrown by terser (#20642) (a9ba017)
  • support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

  • deps: update all non-major dependencies (#20634) (4851cab)
  • optimizer: incorrect incompatible error (#20439) (446fe83)
  • support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.


Updates vite from 4.5.14 to 7.1.5

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

7.1.4 (2025-09-01)

Bug Fixes

@dependabot
chore(deps): bump the npm_and_yarn group across 37 directories with 6…
a24856a 
… updates

Bumps the npm_and_yarn group with 2 updates in the /apps/ai-content-generator directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react).
Bumps the npm_and_yarn group with 1 update in the /apps/ai-image-generator/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/ai-image-tagging/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/aws-amplify directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /apps/bedrock-content-generator directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react).
Bumps the npm_and_yarn group with 1 update in the /apps/brandfolder directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/braze directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/color-picker directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/commercetools directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/dropbox directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/frontify directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/gatsby directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/google-analytics-4/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/graphql-playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/graphql-playground-v2 directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/image-focal-point directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /apps/jira/functions directory: [tmp](https://github.com/raszi/node-tmp) and [inquirer](https://github.com/SBoudrias/Inquirer.js).
Bumps the npm_and_yarn group with 1 update in the /apps/jira/jira-app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/json-viewer directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/microsoft-teams/app-actions directory: [sha.js](https://github.com/crypto-browserify/sha.js).
Bumps the npm_and_yarn group with 2 updates in the /apps/microsoft-teams/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react).
Bumps the npm_and_yarn group with 1 update in the /apps/mux/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/netlify/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/optimizely directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/saleor directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/salesforce-commerce-cloud directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/sap-commerce-cloud/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/side-notes-app directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /apps/slack/lambda directory: [tmp](https://github.com/raszi/node-tmp) and [inquirer](https://github.com/SBoudrias/Inquirer.js).
Bumps the npm_and_yarn group with 1 update in the /apps/smartling/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /apps/typeform/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /apps/vercel/frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react).
Bumps the npm_and_yarn group with 1 update in the /apps/wistia-videos directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /examples/last-fm directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /examples/remix directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 1 update in the /packages/ecommerce-app-base directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 4.5.14 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `@vitejs/plugin-react` from 4.0.4 to 4.7.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.7.0/packages/plugin-react)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 4.5.14 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `@vitejs/plugin-react` from 4.0.4 to 4.7.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.7.0/packages/plugin-react)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 6.3.4 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 6.3.4 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.18 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Removes `tmp`

Updates `inquirer` from 8.2.5 to 8.2.7
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@8.2.5...inquirer@8.2.7)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `vite` from 4.5.14 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `@vitejs/plugin-react` from 4.0.1 to 4.7.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.7.0/packages/plugin-react)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 6.3.5 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Removes `tmp`

Updates `inquirer` from 8.2.5 to 8.2.7
- [Release notes](https://github.com/SBoudrias/Inquirer.js/releases)
- [Commits](https://github.com/SBoudrias/Inquirer.js/compare/inquirer@8.2.5...inquirer@8.2.7)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 4.5.14 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `@vitejs/plugin-react` from 4.0.1 to 4.7.0
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.7.0/packages/plugin-react)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 6.2.7 to 6.3.6
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `next` from 14.2.26 to 14.2.32
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.26...v14.2.32)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

Updates `vite` from 5.4.19 to 5.4.20
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 4.7.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 4.7.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: inquirer
  dependency-version: 8.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 4.7.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: inquirer
  dependency-version: 8.2.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 4.7.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.3.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 14.2.32
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.20
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Sep 11, 2025
@socket-security
Copy link
Copy Markdown

socket-security bot commented Sep 11, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedvitest@​2.1.9 ⏵ 2.1.198 +125 -757799 +2100
Added@​vitest/​coverage-v8@​0.34.6991006698100
Added@​typescript-eslint/​parser@​6.3.01001006997100
Updated@​types/​react-dom@​16.9.25 ⏵ 18.0.3100 +110073 +192100
Updated@​types/​react-dom@​16.9.25 ⏵ 18.2.6100 +110073 +192100
Added@​tsconfig/​create-react-app@​1.0.31001007484100
Updated@​types/​jest@​24.0.15 ⏵ 29.2.010010075 +179100
Updated@​types/​react@​16.14.62 ⏵ 18.0.9100 +110076 +194100
Addedreact-json-view@​1.21.39810010077100
Updated@​types/​react@​16.14.62 ⏵ 18.2.14100 +110077 +294100
Added@​typescript-eslint/​eslint-plugin@​6.3.0991007897100
Added@​types/​node@​18.0.31001007996100
Added@​types/​node@​18.11.51001008096100
Updatedvite@​5.4.19 ⏵ 5.4.2095 +1100 +981 +199100
Added@​originjs/​vite-plugin-commonjs@​1.0.31001008382100
Updated@​emotion/​react@​11.13.3 ⏵ 11.13.0991008683100
Added@​contentful/​rich-text-plain-text-renderer@​16.2.81001008487100
Updated@​testing-library/​react@​8.0.4 ⏵ 12.1.510010010086100
Updated@​testing-library/​react@​8.0.4 ⏵ 14.0.010010010086100
Added@​contentful/​app-scripts@​1.29.08610010097100
Added@​segment/​analytics-next@​1.72.1991001009580
Updatedtypescript@​4.9.5 ⏵ 4.8.4100100100 +1210080 -19
Added@​contentful/​app-scripts@​1.30.18810010096100
Updated@​contentful/​app-sdk@​4.29.1 ⏵ 4.13.099 +110094 -193 +10100
Added@​testing-library/​jest-dom@​5.17.010010010094100
Added@​vitejs/​plugin-react@​4.7.010010010095100
Updatedcontentful-management@​11.40.2 ⏵ 11.38.09910010099 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Sep 11, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
vitest@2.1.1 has a Critical CVE.

CVE: GHSA-9crc-q9x8-hgqq Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening (CRITICAL)

Affected versions: >= 1.0.0 < 1.6.1; >= 2.0.0 < 2.1.9; >= 3.0.0 < 3.0.5; <= 0.0.125

Patched version: 2.1.9

From: apps/json-viewer/package-lock.jsonnpm/vitest@2.1.1

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vitest@2.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants