[Backport] fix: upgrade vite to latest stable version 7.1.7 #31

Closed
Dhruwang wants to merge 2 commits into release/2.3.0 from fix/1024-dependabot-warnings
Dhruwang (Member) commented Sep 26, 2025

Backport PR to release/2.3.0

This is a backport of the Vite upgrade to the latest stable version (7.1.7) to the release/2.3.0 branch to ensure the released version also receives all security fixes and improvements.

Original PR

Main branch PR: #30

Description

This PR backports the Vite upgrade from version 7.0.0 to 7.1.7 (latest stable) to address security vulnerabilities flagged by Dependabot.

Changes

  • 🔧 Updates vite dependency from 7.0.0 to 7.1.7 (latest stable) in packages/react-native/package.json
  • 📦 Updates corresponding entries in pnpm-lock.yaml

Why This Backport

  • Fixes Dependabot security warnings in the released 2.3.0 branch
  • Ensures users of version 2.3.0 get the latest stable version with all security fixes
  • Includes all security patches and improvements from versions 7.0.1 through 7.1.7
  • Critical security patches should be backported to stable release branches

Security Impact

  • Addresses all known vulnerabilities in Vite 7.0.0
  • Includes latest security patches from stable releases 7.0.1-7.1.7
  • No functional changes, only security improvements and bug fixes
  • Safe to merge into release branch as it's within the same major version

Type of Change

  • Security update (latest stable backport)
  • New feature
  • Breaking change
  • Documentation update

Checklist

  • This is a clean backport of latest stable version
  • No breaking changes introduced
  • Changes have been tested locally
  • Dependencies are compatible with release branch
  • All security patches included

- Updates vite from 7.0.0 to 7.0.7 in react-native package
- Resolves security vulnerabilities flagged by dependabot
- Updates corresponding pnpm lockfile entries
- Updates vite from 7.0.7 to 7.1.7 (latest stable)
- Addresses all dependabot security warnings
- Includes latest security patches and improvements
- Updates corresponding pnpm lockfile entries

Dhruwang changed the title from "[Backport] fix: update vite to 7.0.7 to address dependabot security warnings" to "[Backport] fix: upgrade vite to latest stable version 7.1.7" Sep 26, 2025

pandeymangg closed this Oct 1, 2025