Skip to content

chore(deps-dev): bump vite-plus from 0.1.22 to 0.2.4#11

Merged
bdbch merged 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-plus-0.2.4
Jul 14, 2026
Merged

chore(deps-dev): bump vite-plus from 0.1.22 to 0.2.4#11
bdbch merged 1 commit into
mainfrom
dependabot/npm_and_yarn/vite-plus-0.2.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 11, 2026

Copy link
Copy Markdown
Contributor

Bumps vite-plus from 0.1.22 to 0.2.4.

Release notes

Sourced from vite-plus's releases.

vite-plus v0.2.4: Vitest security hotfix

This hotfix updates the bundled Vitest Browser Mode packages to 4.1.10, which includes the fix for GHSA-p63j-vcc4-9vmv. The advisory is critical and affects @vitest/browser <=4.1.9.

Highlights

  • Critical Vitest Browser Mode advisory fixed: bundled vitest and @vitest/browser* move from 4.1.9 to 4.1.10, addressing GHSA-p63j-vcc4-9vmv, where provider commands could bypass the file access permission gate (#2089), by @​voidzero-guard[bot]

Chore

  • Add the standard release-manager skill for vite-plus release operations (#2019), by @​fengmk2

Bundled Versions

Tool Version Source
vite 8.1.3 578ffb8
rolldown 1.1.4 6cbd233
tsdown 0.22.3 npm
vitest 4.1.10 npm
oxlint 1.72.0 npm
oxlint-tsgolint 0.24.0 npm
oxfmt 0.57.0 npm

Upgrade

vp upgrade

New Contributors

No new contributors in this release.

Full Changelog: voidzero-dev/vite-plus@v0.2.3...v0.2.4

Published Packages

  • @voidzero-dev/vite-plus-core@0.2.4
  • vite-plus@0.2.4

Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex
</tr></table> 

... (truncated)

Commits
  • 1ca9f0f release: v0.2.4: Vitest security hotfix
  • 747f0e5 fix(deps): upgrade vitest to 4.1.10
  • 7f70680 release: v0.2.3: config extraction, create, and vp run reliability fixes (#2081)
  • 4a5d742 fix(static_config): trust defineConfig from vite (#2075)
  • 603140d feat(test): PTY-based interactive CLI snapshot tests (#2052)
  • dcae79f fix(create): read org manifest from the tarball when the registry strips crea...
  • b9b15c4 fix(static_config): only trust defineConfig fromvite-plus (#2060)
  • 98cc0db ci: pack local dirs for the registry bridge instead of pkg.pr.new (#2038)
  • 638c447 fix(global): respect custom VP_HOME (#2029)
  • b99c778 refactor(cli): remove unused exported helpers (#2046)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 11, 2026
Bumps [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli) from 0.1.22 to 0.2.4.
- [Release notes](https://github.com/voidzero-dev/vite-plus/releases)
- [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.2.4/packages/cli)

---
updated-dependencies:
- dependency-name: vite-plus
  dependency-version: 0.2.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vite-plus-0.2.4 branch from 8a951c5 to 2a863fd Compare July 11, 2026 21:43
@bdbch

bdbch commented Jul 14, 2026

Copy link
Copy Markdown
Owner

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 80bf7b4c-6d0e-4262-bcab-38144abc3dd6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Comment @coderabbitai help to get the list of available commands.

@bdbch bdbch merged commit 63e7d2e into main Jul 14, 2026
1 of 2 checks passed
@bdbch bdbch deleted the dependabot/npm_and_yarn/vite-plus-0.2.4 branch July 14, 2026 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant