chore(deps): bump vite from 8.0.3 to 8.0.8

[dependabot]

Bumps vite from 8.0.3 to 8.0.8.

Release notes

Sourced from vite's releases.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.8 (2026-04-09)

Features

• update rolldown to 1.0.0-rc.15 (#22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#22199) (e137601)

8.0.7 (2026-04-07)

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

• update rolldown to 1.0.0-rc.13 (#22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#22168) (bdc53ab)
• replace remaining prettier script (#22179) (af71fb2)

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

• allow esbuild 0.28 as peer deps (#22155) (b0da973)
• hmr: truncate list of files on hmr update (#21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

... (truncated)

Commits

• 6e585dc release: v8.0.8
• e137601 fix(ssr): class property keys hoisting matching imports (#22199)
• 15f1c15 fix: avoid dns.getDefaultResultOrder temporary (#22202)
• 6baf587 feat: update rolldown to 1.0.0-rc.15 (#22201)
• fdb2e6f release: v8.0.7
• 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
• 7b3086f release: v8.0.6
• af71fb2 chore: replace remaining prettier script (#22179)
• 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
• 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Labels

The following labels could not be found: automated. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@emnapi/core	1.9.2	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime	1.9.2	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads	1.2.1	🟢 3.8	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 19 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@napi-rs/wasm-runtime	1.1.4	🟢 5.7	Details Check Score Reason Code-Review 🟢 6 Found 15/25 approved changesets -- score normalized to 6 Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/types	0.124.0	Unknown	Unknown
npm/@rolldown/binding-android-arm64	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-darwin-arm64	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-darwin-x64	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-freebsd-x64	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-arm-gnueabihf	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-gnu	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-arm64-musl	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-ppc64-gnu	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-s390x-gnu	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-x64-gnu	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-linux-x64-musl	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-openharmony-arm64	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-wasm32-wasi	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-win32-arm64-msvc	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/binding-win32-x64-msvc	1.0.0-rc.15	Unknown	Unknown
npm/@rolldown/pluginutils	1.0.0-rc.15	Unknown	Unknown
npm/rolldown	1.0.0-rc.15	Unknown	Unknown
npm/vite	8.0.8	🟢 6.5	Details Check Score Reason Code-Review 🟢 5 Found 16/28 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 5 binaries present in source code Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6

Scanned Files

• package-lock.json

[dependabot]

Looks like vite is up-to-date now, so this is no longer needed.