Skip to content

chore(deps): update vite-plus to v0.2.4#107

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/vite-plus
Open

chore(deps): update vite-plus to v0.2.4#107
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/vite-plus

Conversation

@renovate

@renovate renovate Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
vite (source) 0.2.20.2.4 age adoption passing confidence
vite-plus (source) 0.2.20.2.4 age adoption passing confidence

Release Notes

voidzero-dev/vite-plus (vite)

v0.2.4: vite-plus v0.2.4: Vitest security hotfix

Compare Source

This hotfix updates the bundled Vitest Browser Mode packages to 4.1.10, which includes the fix for GHSA-p63j-vcc4-9vmv. The advisory is critical and affects @vitest/browser <=4.1.9.

Highlights
  • Critical Vitest Browser Mode advisory fixed: bundled vitest and @vitest/browser* move from 4.1.9 to 4.1.10, addressing GHSA-p63j-vcc4-9vmv, where provider commands could bypass the file access permission gate (#​2089), by @​voidzero-guard[bot]
Chore
  • Add the standard release-manager skill for vite-plus release operations (#​2019), by @​fengmk2
Bundled Versions
Tool Version Source
vite 8.1.3 578ffb8
rolldown 1.1.4 6cbd233
tsdown 0.22.3 npm
vitest 4.1.10 npm
oxlint 1.72.0 npm
oxlint-tsgolint 0.24.0 npm
oxfmt 0.57.0 npm
Upgrade
vp upgrade
New Contributors

No new contributors in this release.

Full Changelog: voidzero-dev/vite-plus@v0.2.3...v0.2.4

Published Packages
  • @voidzero-dev/vite-plus-core@0.2.4
  • vite-plus@0.2.4
Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex

Or download and run vp-setup.exe from the assets below.

Docker:

docker run --rm -it -v "$PWD:/app" -w /app ghcr.io/voidzero-dev/vite-plus:0.2.4 vp build

Run any vp command without installing it; see the Docker guide for more.

v0.2.3: vite-plus v0.2.3: config extraction, create, and vp run reliability fixes

Compare Source

A patch release that fixes static config extraction for vite.config.ts files whose defineConfig comes from a preset or custom wrapper (no longer misread as Vite+'s own), fixes vp create for org templates on registries that strip custom package fields, cleans up terminal output after Ctrl-C during vp run, and updates bundled Vite to 8.1.3.

Highlights
  • Custom VP_HOME is honored on every run: the global vp now respects a user-set VP_HOME for its home directory instead of falling back to ~/.vite-plus, and persists it in the generated env files, so a custom install location no longer produces multiple instances or unusable packages (#​2029), by @​liangmiQwQ
Features
  • Upgrade bundled Vite from 8.1.2 to 8.1.3 (inlined CSS after the shebang line, CSS preload for nested dynamic imports, SSR stacktrace column fix) (#​2042), by @​voidzero-guard[bot]
Fixes & Enhancements
  • vp run no longer misreads a vite.config.ts when its defineConfig comes from a preset or a custom wrapper instead of vite-plus or vite. Such configs are now evaluated at runtime rather than assumed to be Vite+'s own, so projects that use them no longer wrongly report Task "build" not found (#​2060, #​2075), by @​liangmiQwQ and @​fengmk2
  • Killing a vp run task with Ctrl-C no longer leaves odd OSC escape sequences in the terminal; vp defers its own Ctrl-C handling until the child process exits (#​2079), by @​forehalo
  • vp migrate: rewriting a package.json prettier script now emits a single --check, so scripts that combined --check with --list-different / -l / -c no longer produce a duplicated vp fmt --check --check (#​2044), by @​shulaoda
  • vp create @&#8203;org:name: read the org template catalog (createConfig) from the published tarball when the registry (e.g. GitHub Packages) strips custom fields from packument metadata (#​2063), by @​hiro-daikin
  • vp run: missing env vars requested through @voidzero-dev/vite-task-client now return undefined instead of null, preserving Vite production NODE_ENV semantics when builds run through vp run (vite-task#508, via #​2076), by @​wan9chi
Refactor
  • static_config: drop the unreachable vite.config.json branch (#​2045), and remove unused exported CLI helpers (#​2046), by @​shulaoda
Docs
Chore
Bundled Versions
Tool Version Source
vite 8.1.3 578ffb8
rolldown 1.1.4 6cbd233
tsdown 0.22.3 npm
vitest 4.1.9 npm
oxlint 1.72.0 npm
oxlint-tsgolint 0.24.0 npm
oxfmt 0.57.0 npm
Upgrade
vp upgrade
New Contributors

@​wan-kong and @​hiro-daikin made their first contributions.

Full Changelog: voidzero-dev/vite-plus@v0.2.2...v0.2.3

Published Packages
  • @voidzero-dev/vite-plus-core@0.2.3
  • vite-plus@0.2.3
Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex

Or download and run vp-setup.exe from the assets below.

Docker:

docker run --rm -it -v "$PWD:/app" -w /app ghcr.io/voidzero-dev/vite-plus:0.2.3 vp build

Run any vp command without installing it; see the Docker guide for more.


Configuration

📅 Schedule: (in timezone Asia/Shanghai)

  • Branch creation
    • "before 10am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the needs-bundle-rebuild Rebuild dist/ bundle and push to the PR (Renovate bumps to bundled deps) label Jul 10, 2026
@socket-security

socket-security Bot commented Jul 10, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Added@​voidzero-dev/​vite-plus-core@​0.2.4811007799100
Addedvite-plus@​0.2.480100100100100

View full report

@renovate renovate Bot force-pushed the renovate/vite-plus branch from e3ed639 to aadf97f Compare July 12, 2026 20:41
@renovate renovate Bot changed the title chore(deps): update dependency vite-plus to v0.2.4 chore(deps): update vite-plus to v0.2.4 Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-bundle-rebuild Rebuild dist/ bundle and push to the PR (Renovate bumps to bundled deps)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants