Skip to content

chore(deps-dev): bump vite from 6.4.1 to 8.0.7 in /prompt-launcher#38

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/prompt-launcher/vite-8.0.7
Open

chore(deps-dev): bump vite from 6.4.1 to 8.0.7 in /prompt-launcher#38
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/prompt-launcher/vite-8.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Copy link
Copy Markdown

Bumps vite from 6.4.1 to 8.0.7.

Release notes

Sourced from vite's releases.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.7 (2026-04-07)

Bug Fixes

  • use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

Bug Fixes

Performance Improvements

  • early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

8.0.5 (2026-04-06)

Bug Fixes

  • apply server.fs check to env transport (#22159) (f02d9fd)
  • avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
  • check server.fs after stripping query as well (#22160) (a9a3df2)
  • disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

  • allow esbuild 0.28 as peer deps (#22155) (b0da973)
  • hmr: truncate list of files on hmr update (#21535) (d00e806)
  • optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

  • hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#22043) (99897d2)
  • add types for vite/modulepreload-polyfill (#22126) (17330d2)
  • deps: update all non-major dependencies (#22073) (6daa10f)
  • deps: update all non-major dependencies (#22143) (22b0166)
  • resolve: resolve tsconfig paths starting with # (#22038) (3460fc5)
  • ssr: use browser platform for webworker SSR builds (fix #21969) (#21963) (364c227)

Documentation

... (truncated)

Commits
  • fdb2e6f release: v8.0.7
  • 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
  • 7b3086f release: v8.0.6
  • af71fb2 chore: replace remaining prettier script (#22179)
  • 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
  • 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
  • d5081c2 fix(css): avoid mutating sass error multiple times (#22115)
  • 56ec256 perf: early return in getLocalhostAddressIfDiffersFromDNS when DNS order is...
  • bdc53ab chore(create-vite): remove unnecessary DOM.Iterable (#22168)
  • 1a12d4c release: v8.0.5
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump vite from 6.4.1 to 8.0.7 in /prompt-launcher
b9d1000 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 8.0.7.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.7/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.7
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Apr 8, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from ZeroPointSix as a code owner April 8, 2026 00:13
@dependabot dependabot Bot mentioned this pull request Apr 8, 2026
Closed
ZeroPointSix
ZeroPointSix requested changes Jun 11, 2026
View reviewed changes

@ZeroPointSix ZeroPointSix left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

总体结论:本轮巡检认领并审查了 PR #38。当前改动把 prompt-launcher 的 Vite 从 6.x 升到 8.x,但现有 SvelteKit 依赖仍停在不兼容的版本范围,CI 已在 npm ci 阶段失败;建议先修依赖组合后再继续合并。

关键发现:

  • 阻塞:CI check-and-test (22.x)Install dependencies 步骤失败,错误为 ERESOLVE could not resolve。日志显示当前解析到 @sveltejs/kit@2.49.4,其 peer dependency 只接受 vite@^5.0.3 || ^6.0.0 || ^7.0.0-beta.0,但本 PR 将根项目 vite 升到 ^8.0.7,因此安装阶段已经无法通过。建议要么同步升级 @sveltejs/kit 到支持 Vite 8 的版本并重新生成 lockfile,要么先将 Vite 升级目标降回 SvelteKit 当前 peer range 支持的版本。
  • 高:package-lock.json 显示 Vite 8 依赖链从 Rollup/esbuild 体系切换到 rolldown@1.0.0-rc.13lightningcss 等新依赖,并且 vite@8.0.7 的 engine 要求为 node ^20.19.0 || >=22.12.0。CI 当前 Node 22.22.2 满足要求,但需要确认本地开发、构建机和 Tauri 打包环境也都满足该最低版本,否则依赖安装或构建会在其他环境失败。
  • 中:lockfile 中大量包的 resolved 来源从 registry.npmmirror.com 变为 registry.npmjs.org。这可能只是 Dependabot 生成环境差异,但会影响依赖来源一致性。建议确认仓库是否有固定 registry 策略;若希望保持镜像源,需要按仓库约定重新生成 lockfile。

优先级建议:

  • 阻塞:先解决 @sveltejs/kit 与 Vite 8 的 peer dependency 冲突,确保 npm ci 通过。
  • 高:确认 Node 版本边界,尤其是本地开发和 Tauri 构建环境是否满足 Vite 8 的 engine 要求。
  • 中:确认 lockfile registry 来源变化是否符合预期。

后续建议:

  • 更稳妥的处理方式是把 Vite 8 与 @sveltejs/kit@sveltejs/vite-plugin-svelte 等 Svelte 工具链升级放在同一个兼容性 PR 中,并在 PR 中贴出 npm cinpm run checknpm run build 的结果;如果 PR #44 的完整测试入口已合入基线,也建议补跑 npm run test

@ZeroPointSix ZeroPointSix mentioned this pull request Jun 11, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZeroPointSix ZeroPointSix ZeroPointSix requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZeroPointSix