Skip to content

Bump vite-plus from 0.1.14 to 0.1.16#96

Merged
porada merged 1 commit intomainfrom
dependabot/npm_and_yarn/vite-plus-0.1.16
Apr 7, 2026
Merged

Bump vite-plus from 0.1.14 to 0.1.16#96
porada merged 1 commit intomainfrom
dependabot/npm_and_yarn/vite-plus-0.1.16

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2026
edited
Loading

Bumps vite-plus from 0.1.14 to 0.1.16.

Release notes

Sourced from vite-plus's releases.

vite-plus v0.1.16 — Security patches, Volta migration and Windows fixes

A broad release focused on security and ecosystem compatibility: 3 Vite dev server security fixes, Volta migration support, Bun object-form workspaces, JFrog registry support, and a wave of Windows and shell fixes.

Highlights

  • Security: 3 Vite dev server vulnerabilities patched — Vite 8.0.5 fixes arbitrary file read via WebSocket (CVE-2026-39363, High — vite#22159), server.fs.deny bypass with query parameters (CVE-2026-39364, High — vite#22160), and path traversal in optimized deps .map handling (CVE-2026-39365, Moderate — vite#22161)
  • Volta node version migrationvp migrate now migrates Volta-managed Node.js versions to .node-version (#1201)
  • vp env off disables Node.js management globally — Disables Node.js management for all vp commands, not just the current shell (#1255)
  • Bun object-form workspace support — Workspaces defined as objects in package.json are now properly detected (#1250)
  • Windows install reliability — Fixed PowerShell install errors and scoped CI env vars to child processes (#1284, #1292)

Features

Fixes & Enhancements

Refactor

  • Use .ts import extensions (#1274) — @​fengmk2
  • Migrate CLI build from tsc+rolldown to tsdown (#1276) — @​fengmk2 Replaces the split build strategy (tsc for local CLI code + rolldown for global modules) with a unified tsdown configuration. All third-party deps are now inlined at build time, eliminating the rolldown.config.ts and its manual external/path-rewriting plugins. Runtime dependencies dropped from 10 → 6:
    Before (v0.1.15) After (v0.1.16)
    dependencies 10 6
    Removed cac, cross-spawn, jsonc-parser, picocolors (inlined by tsdown)

Docs

... (truncated)

Commits
  • 14200b9 fix(cli): fix PowerShell install errors on Windows (#1284)
  • 5ac585a fix(cli): override rolldown panic hook with vite-plus branding (#1287)
  • dad6bb4 fix(lint): correctly resolve tsgolint in yarn monorepo packages (#1310)
  • d7b9b6a fix(cli): scope CI env var to child process in Windows install script (#1292)
  • 3a1b440 fix(cli): update .yarnrc template to use node_modules (#1297)
  • feefa31 fix(upgrade): bypass package manager release age gates during vp upgrade (#...
  • 1fe4cff refactor(cli): migrate build from tsc+rolldown to tsdown (#1276)
  • ea02a9c refactor(tools): use .ts import extensions (#1274)
  • 0d24eb9 feat(cli): add explanations to migration prompts (#1270)
  • 0c4e54f chore(install): clarify Node.js version management prompt (#1273)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 7, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/vite-plus-0.1.16 branch from 3c579c1 to a348518 Compare April 7, 2026 19:38
@dependabot
Bump vite-plus from 0.1.14 to 0.1.16
c3b4101 
Bumps [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli) from 0.1.14 to 0.1.16.
- [Release notes](https://github.com/voidzero-dev/vite-plus/releases)
- [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.1.16/packages/cli)

---
updated-dependencies:
- dependency-name: vite-plus
  dependency-version: 0.1.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/vite-plus-0.1.16 branch from a348518 to c3b4101 Compare April 7, 2026 19:42
@porada porada merged commit 708591b into main Apr 7, 2026
8 checks passed
@porada porada deleted the dependabot/npm_and_yarn/vite-plus-0.1.16 branch April 7, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@porada