chore(deps): update dependency vite to v7

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vite (source)	^6.4.1 -> ^7.0.0

---

Release Notes

vitejs/vite (vite)

v7.1.12

Compare Source

Please refer to CHANGELOG.md for details.

v7.1.11

Compare Source

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#​20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#​20966) (6fb41a2)

Code Refactoring

• use subpath imports for types module reference (#​20921) (d0094af)

Build System

• remove cjs reference in files field (#​20945) (ef411ce)
• remove hash from built filenames (#​20946) (a817307)

v7.1.10

Compare Source

Bug Fixes

• css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#​20767) (3a92bc7)
• css: respect emitAssets when cssCodeSplit=false (#​20883) (d3e7eee)
• deps: update all non-major dependencies (879de86)
• deps: update all non-major dependencies (#​20894) (3213f90)
• dev: allow aliases starting with // (#​20760) (b95fa2a)
• dev: remove timestamp query consistently (#​20887) (6537d15)
• esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#​20906) (446eb38)
• normalize path before calling fileToBuiltUrl (#​20898) (73b6d24)
• preserve original sourcemap file field when combining sourcemaps (#​20926) (c714776)

Documentation

• correct WebSocket spelling (#​20890) (29e98dc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20923) (a5e3b06)

v7.1.9

Compare Source

Reverts

• server: drain stdin when not interactive (#​20885) (12d72b0)

v7.1.8

Compare Source

Bug Fixes

• css: improve url escape characters handling (#​20847) (24a61a3)
• deps: update all non-major dependencies (#​20855) (788a183)
• deps: update artichokie to 0.4.2 (#​20864) (e670799)
• dev: skip JS responses for document requests (#​20866) (6bc6c4d)
• glob: fix HMR for array patterns with exclusions (#​20872) (63e040f)
• keep ids for virtual modules as-is (#​20808) (d4eca98)
• server: drain stdin when not interactive (#​20837) (bb950e9)
• server: improve malformed URL handling in middlewares (#​20830) (d65a983)

Documentation

• create-vite: provide deno example (#​20747) (fdb758a)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20810) (ea68a88)
• deps: update rolldown-related dependencies (#​20854) (4dd06fd)
• update url of create-react-app license (#​20865) (166a178)

v7.1.7

Compare Source

Bug Fixes

• build: fix ssr environment emitAssets: true when sharedConfigBuild: true (#​20787) (4c4583c)
• client: use CSP nonce when rendering error overlay (#​20791) (9bc9d12)
• deps: update all non-major dependencies (#​20811) (9f2247c)
• glob: handle glob imports from folders starting with dot (#​20800) (105abe8)
• hmr: trigger prune event when import is removed from non hmr module (#​20768) (9f32b1d)
• hmr: wait for import.meta.hot.prune callbacks to complete before running other HMRs (#​20698) (98a3484)

v7.1.6

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​20773) (88af2ae)
• esbuild: inject esbuild helper functions with minified $ variables correctly (#​20761) (7e8e004)
• fallback terser to main thread when nameCache is provided (#​20750) (a679a64)
• types: strict env typings fail when skipLibCheck is false (#​20755) (cc54e29)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20675) (a67bb5f)
• deps: update rolldown-related dependencies (#​20772) (d785e72)

v7.1.5

Compare Source

Bug Fixes

• apply fs.strict check to HTML files (#​20736) (14015d7)
• deps: update all non-major dependencies (#​20732) (122bfba)
• upgrade sirv to 3.0.2 (#​20735) (09f2b52)

v7.1.4

Compare Source

Bug Fixes

• add missing awaits (#​20697) (79d10ed)
• deps: update all non-major dependencies (#​20676) (5a274b2)
• deps: update all non-major dependencies (#​20709) (0401feb)
• pass rollup watch options when building in watch mode (#​20674) (f367453)

Miscellaneous Chores

• remove unused constants entry from rolldown.config.ts (#​20710) (537fcf9)

Code Refactoring

• remove unnecessary minify parameter from finalizeCss (#​20701) (8099582)

v7.1.3

Compare Source

Features

• cli: add Node.js version warning for unsupported versions (#​20638) (a1be1bf)
• generate code frame for parse errors thrown by terser (#​20642) (a9ba017)
• support long lines in generateCodeFrame (#​20640) (1559577)

Bug Fixes

• deps: update all non-major dependencies (#​20634) (4851cab)
• optimizer: incorrect incompatible error (#​20439) (446fe83)
• support multiline new URL(..., import.meta.url) expressions (#​20644) (9ccf142)

Performance Improvements

• cli: dynamically import resolveConfig (#​20646) (f691f57)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20633) (98b92e8)

Code Refactoring

• replace startsWith with strict equality (#​20603) (42816de)
• use import in worker threads (#​20641) (530687a)

Tests

• remove checkNodeVersion test (#​20647) (731d3e6)

v7.1.2

Compare Source

Bug Fixes

• client: add [vite] prefixes to debug logs (#​20595) (7cdef61)
• config: make debugger work with bundle loader (#​20573) (c583927)
• deps: update all non-major dependencies (#​20587) (20d4817)
• don't consider ids with npm: prefix as a built-in module (#​20558) (ab33803)
• hmr: watch non-inlined assets referenced by CSS (#​20581) (b7d494b)
• module-runner: prevent crash when sourceMappingURL pattern appears in string literals (#​20554) (2770478)

Miscellaneous Chores

• deps: migrate to @jridgewell/remapping from @ampproject/remapping (#​20577) (0a6048a)
• deps: update rolldown-related dependencies (#​20586) (77632c5)

v7.1.1

Compare Source

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#​20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#​20966) (6fb41a2)

Code Refactoring

• use subpath imports for types module reference (#​20921) (d0094af)

Build System

• remove cjs reference in files field (#​20945) (ef411ce)
• remove hash from built filenames (#​20946) (a817307)

v7.1.0

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)
• add import.meta.main support in config (bundle config loader) (#​20516) (5d3e3c2)
• optimizer: improve dependency optimization error messages with esbuild formatMessages (#​20525) (d17cfed)
• ssr: add import.meta.main support for Node.js module runner (#​20517) (794a8f2)
• add future: 'warn' (#​20473) (e6aaf17)
• add removeServerPluginContainer future deprecation (#​20437) (c1279e7)
• add removeServerReloadModule future deprecation (#​20436) (6970d17)
• add server.warmupRequest to future deprecation (#​20431) (8ad388a)
• add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#​20435) (8c8f587)
• client: ping from SharedWorker (#​19057) (5c97c22)
• dev: add this.fs support (#​20301) (0fe3f2f)
• export defaultExternalConditions (#​20279) (344d302)
• implement removePluginHookSsrArgument future deprecation (#​20433) (95927d9)
• implement removeServerHot future deprecation (#​20434) (259f45d)
• resolve server URLs before calling other listeners (#​19981) (45f6443)
• ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#​20409) (c669c52)
• ssr: support import.meta.resolve in module runner (#​20260) (62835f7)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)
• asset: only watch existing files for new URL(, import.meta.url) (#​20507) (1b211fd)
• client: keep ping on WS constructor error (#​20512) (3676da5)
• deps: update all non-major dependencies (#​20537) (fc9a9d3)
• don't resolve as relative for specifiers starting with a dot (#​20528) (c5a10ec)
• html: allow control character in input stream (#​20483) (c12a4a7)
• merge old and new noExternal: true correctly (#​20502) (9ebe4a5)
• deps: update all non-major dependencies (#​20489) (f6aa04a)
• dev: denied requests overly (#​20410) (4be5270)
• hmr: register css deps as type: asset (#​20391) (7eac8dd)
• optimizer: discover correct jsx runtime during scan (#​20495) (10d48bb)
• preview: set correct host for resolvedUrls (#​20496) (62b3e0d)
• worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#​20460) (8033e5b)

Performance Improvements

• client: reduce reload debounce (#​20429) (22ad43b)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20536) (8be2787)
• deps: update dependency parse5 to v8 (#​20490) (744582d)
• format (f20addc)
• stablize cssScopeTo (#​19592) (ced1343)

Code Refactoring

• use hook filters in the worker plugin (#​20527) (958cdf2)
• extract prepareOutDir as a plugin (#​20373) (2c4af1f)
• extract resolve rollup options (#​20375) (61a9778)
• rewrite openchrome.applescript to JXA (#​20424) (7979f9d)
• use http-proxy-3 (#​20402) (26d9872)
• use hook filters in internal plugins (#​20358) (f19c4d7)
• use hook filters in internal resolve plugin (#​20480) (acd2a13)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

See 7.1.0-beta.1 changelog

7.1.0-beta.0 (2025-07-30)

See 7.1.0-beta.0 changelog

v7.0.8

Compare Source

Please refer to CHANGELOG.md for details.

v7.0.7

Compare Source

Please refer to CHANGELOG.md for details.

v7.0.6

Compare Source

Features

• support files with more than 1000 lines by generateCodeFrame (#​20508) (e7d0b2a)
• add import.meta.main support in config (bundle config loader) (#​20516) (5d3e3c2)
• optimizer: improve dependency optimization error messages with esbuild formatMessages (#​20525) (d17cfed)
• ssr: add import.meta.main support for Node.js module runner (#​20517) (794a8f2)
• add future: 'warn' (#​20473) (e6aaf17)
• add removeServerPluginContainer future deprecation (#​20437) (c1279e7)
• add removeServerReloadModule future deprecation (#​20436) (6970d17)
• add server.warmupRequest to future deprecation (#​20431) (8ad388a)
• add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#​20435) (8c8f587)
• client: ping from SharedWorker (#​19057) (5c97c22)
• dev: add this.fs support (#​20301) (0fe3f2f)
• export defaultExternalConditions (#​20279) (344d302)
• implement removePluginHookSsrArgument future deprecation (#​20433) (95927d9)
• implement removeServerHot future deprecation (#​20434) (259f45d)
• resolve server URLs before calling other listeners (#​19981) (45f6443)
• ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#​20409) (c669c52)
• ssr: support import.meta.resolve in module runner (#​20260) (62835f7)

Bug Fixes

• css: avoid warnings for image-set containing __VITE_ASSET__ (#​20520) (f1a2635)
• css: empty CSS entry points should generate CSS files, not JS files (#​20518) (bac9f3e)
• dev: denied request stalled when requested concurrently (#​20503) (64a52e7)
• manifest: initialize entryCssAssetFileNames as an empty Set (#​20542) (6a46cda)
• skip prepareOutDirPlugin in workers (#​20556) (97d5111)
• asset: only watch existing files for new URL(, import.meta.url) (#​20507) (1b211fd)
• client: keep ping on WS constructor error (#​20512) (3676da5)
• deps: update all non-major dependencies (#​20537) (fc9a9d3)
• don't resolve as relative for specifiers starting with a dot (#​20528) (c5a10ec)
• html: allow control character in input stream (#​20483) (c12a4a7)
• merge old and new noExternal: true correctly (#​20502) (9ebe4a5)
• deps: update all non-major dependencies (#​20489) (f6aa04a)
• dev: denied requests overly (#​20410) (4be5270)
• hmr: register css deps as type: asset (#​20391) (7eac8dd)
• optimizer: discover correct jsx runtime during scan (#​20495) (10d48bb)
• preview: set correct host for resolvedUrls (#​20496) (62b3e0d)
• worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#​20460) (8033e5b)

Performance Improvements

• client: reduce reload debounce (#​20429) (22ad43b)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20536) (8be2787)
• deps: update dependency parse5 to v8 (#​20490) (744582d)
• format (f20addc)
• stablize cssScopeTo (#​19592) (ced1343)

Code Refactoring

• use hook filters in the worker plugin (#​20527) (958cdf2)
• extract prepareOutDir as a plugin (#​20373) (2c4af1f)
• extract resolve rollup options (#​20375) (61a9778)
• rewrite openchrome.applescript to JXA (#​20424) (7979f9d)
• use http-proxy-3 (#​20402) (26d9872)
• use hook filters in internal plugins (#​20358) (f19c4d7)
• use hook filters in internal resolve plugin (#​20480) (acd2a13)

Tests

• detect ts support via process.features (#​20544) (856d3f0)
• fix unimportant errors in test-unit (#​20545) (1f23554)

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

See 7.1.0-beta.1 changelog

7.1.0-beta.0 (2025-07-30)

See 7.1.0-beta.0 changelog

v7.0.5

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​20406) (1a1cc8a)
• remove special handling for Accept: text/html (#​20376) (c9614b9)
• watch assets referenced by new URL(, import.meta.url) (#​20382) (6bc8bf6)

Miscellaneous Chores

• deps: update dependency rolldown to ^1.0.0-beta.27 (#​20405) (1165667)

Code Refactoring

• use foo.endsWith("bar") instead of /bar$/.test(foo) (#​20413) (862e192)

v7.0.4

Compare Source

Bug Fixes

• allow resolving bare specifiers to relative paths for entries (#​20379) (324669c)

Build System

• remove @oxc-project/runtime devDep (#​20389) (5e29602)

v7.0.3

Compare Source

Bug Fixes

• client: protect against window being defined but addEv undefined (#​20359) (31d1467)
• define: replace optional values (#​20338) (9465ae1)
• deps: update all non-major dependencies (#​20366) (43ac73d)

Miscellaneous Chores

• deps: update dependency dotenv to v17 (#​20325) (45040d4)
• deps: update dependency rolldown to ^1.0.0-beta.24 (#​20365) (5ab25e7)
• use n/prefer-node-protocol rule (#​20368) (38bb268)

Code Refactoring

• minor changes to reduce diff between normal Vite and rolldown-vite (#​20354) (2e8050e)

v7.0.2

Compare Source

Bug Fixes

• css: resolve relative paths in sass, revert #​20300 (#​20349) (db8bd41)

v7.0.1

Compare Source

Bug Fixes

• css: skip resolving resolved paths in sass (#​20300) (ac528a4)
• deps: update all non-major dependencies (#​20324) (3e81af3)
• types: add a global interface for Worker (#​20243) (37bdfc1)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​20323) (30d2f1b)
• fix typos and grammatical errors across documentation and comments (#​20337) (c1c951d)
• group commits by category in changelog (#​20310) (41e83f6)
• rearrange 7.0 changelog (#​20280) (eafd28a)

v7.0.0

Compare Source

Today, we're excited to announce the release of the next Vite major:

• Vite 7.0 announcement blog post
• Docs (translations: 简体中文, 日本語, Español, Português, 한국어, Deutsch, فارسی)
• Migration Guide

⚠ BREAKING CHANGES

• ssr: don't access Object variable in ssr transformed code (#​19996)
• remove experimental.skipSsrTransform option (#​20038)
• remove HotBroadcaster (#​19988)
• css: always use sass compiler API (#​19978)
• bump build.target and name it baseline-widely-available (#​20007)
• bump required node version to 20.19+, 22.12+ and remove cjs build (#​20032)
• css: remove sass legacy API support (#​19977)
• remove deprecated HotBroadcaster related types (#​19987)
• remove deprecated no-op type only properties (#​19985)
• remove node 18 support (#​19972)
• remove deprecated hook-level enforce/transform from transformIndexHtml hook (#​19349)
• remove deprecated splitVendorChunkPlugin (#​19255)

Features

• types: use terser types from terser package (#​20274) (a5799fa)
• apply some middlewares before configurePreviewServer hook (#​20224) (b989c42)
• apply some middlewares before configureServer hook (#​20222) (f5cc4c0)
• add base option to import.meta.glob (#​20163) (253d6c6)
• add this.meta.viteVersion (#​20088) (f55bf41)
• allow passing down resolved config to vite's createServer (#​19894) (c1ae9bd)
• buildApp hook (#​19971) (5da659d)
• build: provide names for asset entrypoints (#​19912) (c4e01dc)
• bump build.target and name it baseline-widely-available (#​20007) (4a8aa82)
• client: support opening fileURL in editor (#​20040) (1bde4d2)
• make PluginContext available for Vite-specific hooks (#​19936) (7063839)
• resolve environments plugins at config time (#​20120) (f6a28d5)
• stabilize css.preprocessorMaxWorkers and default to true (#​19992) (70aee13)
• stabilize optimizeDeps.noDiscovery (#​19984) (6d2dcb4)

Bug Fixes

• deps: update all non-major dependencies (#​20271) (6b64d63)
• keep import.meta.url in bundled Vite (#​20235) (3bf3a8a)
• module-runner: export ssrExportNameKey (#​20266) (ac302a7)
• module-runner: expose normalizeModuleId (#​20277) (9b98dcb)
• deps: update all non-major dependencies (#​20181) (d91d4f7)
• deps: update all non-major dependencies (#​20212) (a80339b)
• align dynamic import detection (#​20115) ([1ea2222](https://redirect.github.com/vitejs/vite/commit/1ea2222302f128c4000289683480d8311

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[claude]

Pull Request Review: Vite 6.4.1 → 7.1.12 Upgrade

Summary

This PR upgrades Vite from v6.4.1 to v7.1.12, a major version upgrade. This is an automated dependency update by Renovate that includes significant changes and potential breaking changes.

---

Code Quality & Best Practices ✅

Positive:

• Clean automated dependency update
• All lock files (package-lock.json and yarn.lock) are properly synchronized
• Version constraints use caret (^) ranges appropriately

Note:

• The upgrade jumps an entire major version (v6 → v7), which typically includes breaking changes

---

Potential Bugs & Issues ⚠️

Critical Concerns:

1. Node.js Version Requirement Change

   • Old requirement: ^18.0.0 || ^20.0.0 || >=22.0.0
   • New requirement: ^20.19.0 || >=22.12.0
   • Impact: Node 18 is no longer supported. Your CI/CD pipeline and deployment environments must use Node 20.19.0+ or Node 22.12.0+
   • Action Required: Verify and update Node.js versions in:
     • GitHub Actions workflows
     • Docker images
     • Local development environment documentation
     • Production servers

2. Peer Dependency Requirements Tightened
   Vite 7 now has stricter version requirements for optional dependencies:

   • less: Now requires ^4.0.0 (was *)
   • sass: Now requires ^1.70.0 (was *)
   • sass-embedded: Now requires ^1.70.0 (was *)
   • stylus: Now requires >=0.54.8 (was *)
   • sugarss: Now requires ^5.0.0 (was *)

   Note: These are optional peer dependencies and won't affect your build unless you use these preprocessors.

3. Breaking Changes in Vite 7
   From the release notes, key breaking changes include:

   • Removal/deprecation of certain API methods (server.warmupRequest, ssrLoadModule, etc.)
   • Changes to plugin hook signatures
   • Modified CSS handling behavior

   Current Impact: Your vite.config.ts (frontend/vite.config.ts:1-16) uses a simple configuration with SvelteKit plugin and proxy settings. This basic configuration should be compatible, but testing is essential.

4. Rollup Version Bump

   • Rollup updated from 4.40.2 to 4.52.5
   • Includes changes to platform-specific binaries (new: openharmony-arm64, win32-x64-gnu)
   • Package name changes: linux-loongarch64-gnu → linux-loong64-gnu, linux-powerpc64le-gnu → linux-ppc64-gnu

---

Performance Considerations 📊

Improvements from Vite 7:

• Reduced reload debounce time for faster HMR
• Dynamic imports for CLI commands to improve startup time
• Better CSS handling and optimization
• Improved source map generation

Potential Concerns:

• Major version upgrades can introduce performance regressions
• Recommend benchmarking build times before/after upgrade

---

Security Concerns 🔒

Positive:

• Security fixes in the v7.x release line:
  • Fixed server.fs.deny check with trailing slashes (v7.1.1)
  • Improved malformed URL handling in middlewares (v7.1.8)
  • Better handling of denied requests (v7.1.0)
  • CSP nonce support in error overlay (v7.1.7)

Dependency Updates:

• @types/estree: 1.0.7 → 1.0.8
• fdir: 6.4.4 → 6.5.0
• tinyglobby: 0.2.14 → 0.2.15
• Multiple @rollup/rollup-* platform-specific packages updated

All dependency updates appear to be routine maintenance with no known security vulnerabilities.

---

Test Coverage 🧪

Action Required:
Since this is a major version upgrade, comprehensive testing is essential:

1. Manual Testing Checklist:

   • Development server starts correctly (npm run dev)
   • Production build completes successfully (npm run build)
   • Preview mode works (npm run preview)
   • Hot Module Replacement (HMR) functions correctly
   • Proxy configuration works (API and WebSocket endpoints)
   • TypeScript checking passes (npm run check)
   • All routes render correctly
   • Static assets load properly

2. Automated Testing:

   • Run existing test suite
   • Check CI/CD pipeline status
   • Verify build artifacts are correctly generated

3. Browser Testing:

   • Test in multiple browsers (Chrome, Firefox, Safari)
   • Verify no console errors
   • Check network requests to proxied endpoints

---

Recommendations 📝

Before Merging:

1. ✅ Update Node.js versions in all environments to meet new requirements (20.19.0+ or 22.12.0+)
2. ✅ Review CI configuration - Check .github/workflows/ files for Node.js version specifications
3. ✅ Test thoroughly using the checklist above
4. ✅ Check SvelteKit compatibility - Verify @sveltejs/vite-plugin-svelte@^6.1.2 is compatible with Vite 7
5. ✅ Review Vite 7 migration guide - Check official documentation for any app-specific breaking changes
6. ⚠️ Consider incremental rollout - Deploy to staging environment first

Documentation Updates:

• Update README.md Node.js version requirements if specified
• Update any developer setup documentation

Nice to Have:

• Add a note in the merge commit about the Node.js version requirement
• Consider documenting any configuration changes needed

---

Verdict 🎯

Recommendation: ⚠️ Approve with conditions

This is a well-structured automated dependency update, but it's a major version upgrade that requires:

1. Node.js version updates (breaking change)
2. Thorough testing before deployment
3. Verification of CI/CD compatibility

The changes themselves are clean and properly formatted. The main risks are environmental (Node.js versions) and potential runtime compatibility issues that can only be discovered through testing.

Priority: Ensure Node.js 20.19.0+ or 22.12.0+ is available in all environments before merging.

---

Review generated by Claude Code - Please test thoroughly before merging

[claude]

Pull Request Review: Vite 6.4.1 → 7.1.12 Major Version Upgrade

Overview

This PR upgrades Vite from ^6.4.1 to ^7.0.0 (resolving to v7.1.12), which is a major version upgrade. This is an automated Renovate PR updating both package.json and lock files.

---

Code Quality & Best Practices ✅

Positive aspects:

• Clean dependency update with proper semver range (^7.0.0)
• All lock files updated consistently (both npm and yarn)
• No direct code changes required - pure dependency update

Observations:

• The update includes numerous transitive dependency updates (rollup, fdir, tinyglobby, etc.)
• Package integrity hashes properly maintained
• Platform-specific rollup binaries correctly updated

---

Potential Issues & Breaking Changes ⚠️

Critical considerations:

1. Node.js Version Requirements Changed

   • Before (Vite 6): ^18.0.0 || ^20.0.0 || >=22.0.0
   • After (Vite 7): ^20.19.0 || >=22.12.0
   • ⚠️ Node 18 is no longer supported - verify CI/CD and deployment environments are using Node 20.19+ or 22.12+

2. Peer Dependency Changes

   • More specific version requirements for preprocessors (less, sass, stylus, etc.)
   • @types/node now requires ^20.19.0 || >=22.12.0
   • postcss minimum version increased from ^8.5.3 to ^8.5.6

3. Package Renames

   • @rollup/rollup-linux-loongarch64-gnu → @rollup/rollup-linux-loong64-gnu
   • @rollup/rollup-linux-powerpc64le-gnu → @rollup/rollup-linux-ppc64-gnu
   • New platform support added: @rollup/rollup-openharmony-arm64 and @rollup/rollup-win32-x64-gnu

4. Vite Configuration Compatibility

   • Your current vite.config.ts (frontend/vite.config.ts:1-16) uses standard SvelteKit + proxy setup
   • Should be compatible, but testing recommended for WebSocket proxy behavior (line 10-13)

---

Performance Considerations 🚀

Improvements in Vite 7:

• Enhanced HMR (Hot Module Replacement) performance
• Better CSS handling with improved code splitting
• Optimized dependency pre-bundling
• Rollup upgraded to 4.52.5 with performance enhancements

Note: The changelog mentions significant optimizations, but actual performance impact depends on your specific build configuration.

---

Security Concerns 🔒

Overall assessment: LOW RISK

• This is an official Renovate bot update from the Vite team
• Package integrity maintained throughout
• No known CVEs in the upgrade path
• Regular maintenance updates from a trusted source

Recommendations:

• Monitor for security advisories post-merge
• Review Vite 7 changelog for security-related fixes

---

Test Coverage 🧪

Testing recommendations:

1. Required before merge:

   • ✅ Verify CI builds pass with new Node version requirements
   • ✅ Test development server (npm run dev)
   • ✅ Test production build (npm run build)
   • ✅ Verify WebSocket proxy functionality (frontend/vite.config.ts:10-13)
   • ✅ Test HMR behavior in development

2. Specific areas to test:

   • SvelteKit integration (no known breaking changes, but verify)
   • API/WS proxy configuration
   • Asset handling and imports
   • CSS processing

---

Action Items Before Merge

• CRITICAL: Verify Node.js version in CI/CD pipelines meets new requirements (20.19+ or 22.12+)
• Update any Node version specifications in:
  • .github/workflows/ files
  • Dockerfile(s)
  • Deployment configurations
  • Developer documentation
• Run full test suite
• Manual testing of dev server and production build
• Review Vite 7 migration guide for any project-specific concerns

---

Recommendation

CONDITIONAL APPROVAL ✅ with Node.js version verification

This upgrade is generally safe and brings performance improvements, but the Node.js version requirement change is a breaking change that must be addressed before merging.

Next steps:

1. Verify and update Node.js versions across all environments
2. Run CI/CD to ensure compatibility
3. If all checks pass, merge is recommended

---

Review generated by Claude Code

[claude]

Pull Request Review: Vite 7.1.12 Major Version Upgrade

Summary

This PR upgrades Vite from ^6.4.1 to ^7.0.0 (resolving to v7.1.12), representing a major version upgrade with breaking changes. This is an automated Renovate dependency update.

---

✅ Code Quality & Best Practices

Strengths:

• Clean, automated dependency update with consistent lock file updates (both npm and yarn)
• Proper semver caret range usage (^7.0.0)
• All transitive dependencies properly updated (Rollup 4.40.2 → 4.52.5, fdir, tinyglobby, etc.)
• Package integrity hashes maintained correctly

Observations:

• Simple, straightforward dependency bump
• No manual code changes required
• Both package-lock.json and yarn.lock synchronized

---

⚠️ Potential Bugs & Breaking Changes

1. Node.js Version Requirements (BREAKING CHANGE)

Critical Issue:

• Vite 6 required: ^18.0.0 || ^20.0.0 || >=22.0.0
• Vite 7 requires: ^20.19.0 || >=22.12.0
• Impact: Node 18 support has been DROPPED

Good News for This Project:

• Your .mise.toml specifies Node 24.11 ✅
• This meets Vite 7's requirements
• However: Your CI workflow (.github/workflows/ci.yml:55-72) uses oven-sh/setup-bun@v2 without explicit Node version
• Bun includes its own Node runtime, so verify Bun's Node compatibility meets the >=22.12.0 requirement

Action Items:

• ✅ Local dev environment is fine (Node 24.11)
• ⚠️ Verify Bun version in CI includes Node 22.12+ compatible runtime
• ⚠️ Check any Docker images or deployment environments

2. Peer Dependency Tightening

Vite 7 now enforces stricter version requirements for CSS preprocessors:

• less: * → ^4.0.0
• sass: * → ^1.70.0
• sass-embedded: * → ^1.70.0
• stylus: * → >=0.54.8
• sugarss: * → ^5.0.0
• @types/node: * → ^20.19.0 || >=22.12.0
• postcss: ^8.5.3 → ^8.5.6

Impact: You use postcss@^8.5.1 in package.json (line 27), which should be updated to ^8.5.6 or higher to match Vite's peer dependency requirement. Your lock files show [email protected] is installed, which is below the minimum.

Recommendation: Update postcss to ^8.5.6 in a follow-up commit or verify current version works.

3. Rollup Platform Binary Changes

Package renames in Rollup:

• linux-loongarch64-gnu → linux-loong64-gnu
• linux-powerpc64le-gnu → linux-ppc64-gnu

New platform support:

• openharmony-arm64
• win32-x64-gnu

Impact: Minimal - these are handled automatically by npm/yarn.

4. Configuration Compatibility

Your frontend/vite.config.ts is minimal and uses standard patterns:

plugins: [sveltekit()],
server: {
  proxy: { '/rapidoc', '/api', '/ws' (WebSocket) }
}

Assessment: Should be fully compatible with Vite 7. The proxy configuration uses standard options that haven't changed.

Note: Vite 7 deprecates several APIs (server.warmupRequest, ssrLoadModule, etc.), but your config doesn't use any of these.

---

🚀 Performance Considerations

Improvements in Vite 7:

• Faster HMR (Hot Module Replacement) with reduced reload debounce
• Dynamic CLI imports for faster startup
• Improved CSS code splitting and optimization
• Better source map generation performance
• Enhanced dependency pre-bundling

From Changelog:

• Better handling of glob imports and multiline patterns
• Optimized terser minification (with parallel workers)
• Improved file watching for CSS dependencies

Recommendation: Benchmark build times before/after to quantify improvements for your project.

---

🔒 Security Assessment

Risk Level: LOW ✅

Security Improvements in Vite 7.x:

1. v7.1.1: Fixed server.fs.deny check bypass with trailing slashes
2. v7.1.7: Added CSP nonce support in error overlay
3. v7.1.8: Improved malformed URL handling in middlewares
4. v7.1.0: Better handling of denied requests (prevents request stalling)

Dependency Security:

• All updates from official Renovate bot
• No known CVEs in the upgrade path
• Regular maintenance from trusted Vite team
• Package integrity maintained

---

🧪 Test Coverage Recommendations

Required Testing Checklist:

Build & Development:

• bun run dev - Development server starts correctly
• bun run build - Production build completes successfully
• bun run preview - Preview mode works
• bun run check - TypeScript/Svelte checking passes
• bun run lint - Linting passes

Functional Testing:

• HMR (Hot Module Replacement) works correctly during development
• Proxy endpoints function properly:
  • /rapidoc → http://127.0.0.1:21342
  • /api → http://127.0.0.1:21342
  • /ws → WebSocket proxy to ws://127.0.0.1:21342
• Static assets load correctly
• All routes render properly

Browser Testing:

• No console errors in multiple browsers (Chrome, Firefox, Safari)
• Network tab shows correct proxy behavior
• WebSocket connection establishes successfully

CI/CD:

• GitHub Actions CI passes (.github/workflows/ci.yml)
• Docker build succeeds if applicable
• Deployment preview works

---

📝 Recommendations

Before Merging:

1. Update PostCSS ⚠️
   Your package.json has postcss@^8.5.1, but Vite 7 peer dependency requires ^8.5.6. Update to avoid warnings:

   cd frontend && bun update postcss

2. Verify Bun Compatibility ⚠️
   Confirm that oven-sh/setup-bun@v2 in CI includes Node.js 22.12+ compatible runtime

3. Test SvelteKit Integration ✅
   Your @sveltejs/vite-plugin-svelte@^6.1.2 should be compatible, but verify with the checklist above

4. Review Vite 7 Migration Guide ℹ️
   Check Vite 7.0 announcement for any edge cases

Nice to Have:

• Document Node version requirements in README if not already present
• Consider adding a changelog entry noting the major Vite upgrade
• Monitor build performance metrics post-merge

---

🎯 Final Verdict

Recommendation: APPROVE ✅ with minor action items

Confidence Level: HIGH

This is a well-executed automated dependency update. The breaking changes are primarily environmental (Node.js version), which your project already satisfies with Node 24.11 in .mise.toml.

Key Points:

• ✅ Node version requirement met (24.11 > 22.12)
• ✅ Simple, standard Vite config should work without changes
• ⚠️ Minor: Update PostCSS from 8.5.1 to 8.5.6+
• ⚠️ Verify Bun's Node compatibility in CI
• ✅ Security improvements included
• ✅ Performance enhancements expected

Merge Safety: Safe to merge after updating PostCSS and verifying CI passes. The Vite 7 upgrade brings substantial benefits with minimal risk.

---

Review completed using repository standards and best practices

[claude]

PR Review: Vite 6.4.1 → 7.1.12 Upgrade

Overview

This PR upgrades Vite from ^6.4.1 to ^7.0.0 (resolving to 7.1.12), which is a major version upgrade with potential breaking changes.

---

✅ Positive Aspects

1. Automated Dependency Management: Good use of Renovate to keep dependencies up-to-date
2. Security & Bug Fixes: The upgrade includes numerous bug fixes and security improvements from the Vite 7.x release line
3. Performance Improvements: Vite 7.x includes performance optimizations, particularly in HMR and build times

---

⚠️ Breaking Changes & Compatibility Concerns

1. Node.js Version Requirement

• Vite 6: Required Node.js ^18.0.0 || ^20.0.0 || >=22.0.0
• Vite 7: Requires Node.js ^20.19.0 || >=22.12.0

Action Required:

• ✅ Verify CI/CD pipelines use Node.js >= 20.19.0 or >= 22.12.0
• ✅ Update .nvmrc or Node version documentation if present
• ✅ Update any Docker images or deployment environments

2. Peer Dependency Changes

Vite 7 has stricter peer dependency requirements:

• less: now requires ^4.0.0 (was *)
• sass: now requires ^1.70.0 (was *)
• sass-embedded: now requires ^1.70.0 (was *)
• stylus: now requires >=0.54.8 (was *)
• sugarss: now requires ^5.0.0 (was *)

Impact: Currently appears low since the project uses Tailwind/PostCSS, but verify if any dependencies use these preprocessors.

3. API Changes & Deprecations

Based on the release notes, several APIs have deprecation warnings with future: 'warn':

• removeServerPluginContainer
• removeServerReloadModule
• server.warmupRequest
• removeSsrLoadModule (affects ssrFixStacktrace/ssrRewriteStacktrace)
• removePluginHookSsrArgument
• removeServerHot

Risk: The SvelteKit integration uses Vite's SSR features extensively. Check for deprecation warnings in console.

4. Rollup Dependency Updates

• Rollup upgraded from 4.40.2 → 4.52.5
• Platform-specific binaries renamed (e.g., loongarch64 → loong64, powerpc64le → ppc64)

Impact: Should be transparent but verify builds succeed on all target platforms.

---

🧪 Testing Requirements

Critical Tests Needed:

1. ✅ npm run dev - Verify development server starts without errors
2. ✅ npm run build - Verify production build completes successfully
3. ✅ npm run preview - Test preview server works
4. ✅ HMR functionality - Verify hot module replacement works during development
5. ✅ SSR rendering - Ensure SvelteKit SSR works correctly
6. ✅ Proxy configuration - Test the API/WebSocket proxy config in vite.config.ts:6-14
7. ✅ Static adapter build - Verify @sveltejs/adapter-static compatibility

Regression Testing:

• Test all routes and pages render correctly
• Verify WebSocket connections to backend work
• Check that RapiDoc integration at /rapidoc functions

---

🔒 Security Considerations

Positive Security Improvements:

• v7.1.5: Added fs.strict check to HTML files (security hardening)
• v7.1.7: CSP nonce support for error overlay
• v7.1.8: Improved malformed URL handling in middlewares

Recommendation: No security concerns introduced by this upgrade.

---

📊 Performance Impact

Expected Improvements:

• Reduced reload debounce time (v7.1.0)
• Better HMR performance with improved prune callbacks
• Optimized CSS handling and glob imports

---

📝 Recommendations

High Priority

1. Test Before Merge: Run full test suite and manual testing
2. Check Node Version: Update to Node.js >= 20.19.0 in all environments
3. Monitor Deprecation Warnings: Watch console for deprecation messages
4. Verify SvelteKit Compatibility: Ensure @sveltejs/vite-plugin-svelte@^6.1.2 is compatible

Medium Priority

1. Review Bundle Size: Compare before/after bundle sizes
2. Check Build Times: Verify build performance hasn't regressed
3. Update Documentation: If Node version requirement changed, document it

Low Priority

1. Consider Lockfile Strategy: Both package-lock.json and yarn.lock are updated - consider standardizing on one package manager

---

🎯 Verdict

Recommendation: ✅ Approve with Testing

This is a well-maintained dependency upgrade from a trusted source (Renovate). The changes are primarily additive with backward compatibility. However, due to the major version bump and Node.js requirement changes, thorough testing is essential before merging.

Merge Checklist:

• Verify Node.js version in CI (should be >= 20.19.0 or >= 22.12.0)
• Run npm run dev successfully
• Run npm run build successfully
• Test HMR in development
• Test production preview
• Verify no deprecation warnings in console
• Check that backend proxy still works
• Confirm bundle size is acceptable

---

📚 References

• Vite 7.0 Release Notes
• Vite 7 Migration Guide

Generated with 🤖 Claude Code

[claude]

Pull Request Review: Vite v6.4.1 → v7.1.12

Overview

This PR upgrades Vite from version 6.4.1 to 7.1.12, a major version upgrade initiated by Renovate. This is a significant update that includes breaking changes and requires careful consideration.

---

✅ Code Quality & Best Practices

• Automated dependency management: Good use of Renovate for keeping dependencies current
• Lock file updates: Both package-lock.json and yarn.lock are properly updated
• Semantic versioning: The version constraint is updated to ^7.0.0, allowing minor/patch updates within v7

---

⚠️ Breaking Changes & Compatibility Concerns

1. Node.js Version Requirements

Critical: Vite 7 has stricter Node.js requirements:

• Old requirement (Vite 6): ^18.0.0 || ^20.0.0 || >=22.0.0
• New requirement (Vite 7): ^20.19.0 || >=22.12.0

Action Required:

• ✅ Verify your CI/CD pipeline uses Node.js >= 20.19.0 or >= 22.12.0
• ✅ Update any .nvmrc, package.json engines field, or CI configuration files
• ❌ Node.js 18.x is no longer supported

2. Peer Dependency Changes

Vite 7 has more specific peer dependency requirements:

• less: Now requires ^4.0.0 (previously *)
• sass: Now requires ^1.70.0 (previously *)
• sass-embedded: Now requires ^1.70.0 (previously *)
• stylus: Now requires >=0.54.8 (previously *)
• sugarss: Now requires ^5.0.0 (previously *)

Impact: Low for this project (you're not using these preprocessors based on dependencies)

3. Architecture Changes

Notable package name changes in rollup dependencies:

• @rollup/rollup-linux-loongarch64-gnu → @rollup/rollup-linux-loong64-gnu
• @rollup/rollup-linux-powerpc64le-gnu → @rollup/rollup-linux-ppc64-gnu
• New platforms: @rollup/rollup-openharmony-arm64, @rollup/rollup-win32-x64-gnu

---

🐛 Potential Issues

1. SvelteKit Compatibility

Your project uses:

• @sveltejs/kit@^2.17.1
• @sveltejs/vite-plugin-svelte@^6.1.2

Recommendation: Verify these versions are compatible with Vite 7. Check:

• SvelteKit's official compatibility matrix
• Test the build and dev server thoroughly

2. Proxy Configuration

Your vite.config.ts uses proxy configuration for /api, /rapidoc, and /ws. While this should continue working, the WebSocket proxy behavior may have changed in Vite 7.

Action: Test WebSocket connections (/ws endpoint) thoroughly

3. Future Deprecation Warnings

Vite 7.1.0 introduces several "future deprecation" warnings (removable in v8):

• removeServerPluginContainer
• removeServerReloadModule
• removeServerHot
• server.warmupRequest
• removeSsrLoadModule
• removePluginHookSsrArgument

Impact: Monitor console for deprecation warnings during development

---

🔒 Security Concerns

✅ Positive: The upgrade includes numerous security fixes from the 50+ bug fix releases between 6.4.1 and 7.1.12, including:

• Better malformed URL handling (v7.1.8)
• Improved CSP nonce support in error overlay (v7.1.7)
• Better path traversal protections with server.fs.deny checks (v7.1.11)
• Stricter file serving rules with fs.strict applied to HTML files (v7.1.5)

---

⚡ Performance Considerations

✅ Improvements in Vite 7:

• Reduced reload debounce for faster HMR (v7.1.0)
• Dynamic imports for better CLI startup time (v7.1.3)
• Better sourcemap handling performance
• Rollup 4.52.5 includes various performance optimizations

---

🧪 Test Coverage

⚠️ Action Required:

1. Run the full test suite to ensure no regressions
2. Test the following manually:
   • npm run dev - Development server with HMR
   • npm run build - Production build
   • npm run preview - Preview production build
   • WebSocket connections to your backend
   • Proxy functionality for /api and /rapidoc
3. Check for console warnings about deprecated features

---

📋 Recommended Actions Before Merging

• Update Node.js version in CI/CD to >= 20.19.0 or >= 22.12.0
• Run full test suite and verify all tests pass
• Test dev server with npm run dev
• Test production build with npm run build && npm run preview
• Verify WebSocket proxy connections work correctly
• Check browser console for deprecation warnings
• Verify SvelteKit integration works correctly
• Update documentation if any development workflow changes

---

🎯 Verdict

Recommendation: ⚠️ Merge with Caution

This is a major version upgrade with breaking changes. While the changes appear mechanically correct, you should:

1. Ensure Node.js version compatibility (this is critical)
2. Thoroughly test the application before deploying
3. Monitor for deprecation warnings in the console
4. Consider creating a staging deployment to test before production

The upgrade brings significant security improvements and performance benefits, making it worthwhile, but proper testing is essential given the breaking changes.

---

Generated by Claude Code PR Review 🤖