Bump vite from 5.4.0 to 5.4.6 #58

dependabot · 2024-09-17T18:49:30Z

Bumps vite from 5.4.0 to 5.4.6.

Changelog

5.4.6 (2024-09-16)

fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115) (179b177), closes #18115

fix: fs raw query (#18112) (6820bb3), closes #18112

5.4.5 (2024-09-13)

fix(preload): backport #18098, throw error preloading module as well (#18099) (faa2405), closes #18098 #18099

5.4.4 (2024-09-11)

fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorrect 304 (#18078) (74a79c5), closes #17997 #18078

fix: backport #18063, allow scanning exports from script module in svelte (#18077) (d90ba40), closes #18063 #18077

fix(preload): backport #18046, allow ignoring dep errors (#18076) (8760293), closes #18046 #18076

5.4.3 (2024-09-03)

fix: allow getting URL of JS files in publicDir (#17915) (943ece1), closes #17915

fix: cjs warning respect the logLevel flag (#17993) (dc3c14f), closes #17993

fix: improve CJS warning trace information (#17926) (5c5f82c), closes #17926

fix: only remove entry assets handled by Vite core (#17916) (ebfaa7e), closes #17916

fix: waitForRequestIdle locked (#17982) (ad13760), closes #17982

fix(css): fix directory index import in sass modern api (#17960) (9b001ba), closes #17960

fix(css): fix sass file:// reference (#17909) (561b940), closes #17909

fix(css): fix sass modern source map (#17938) (d428e7e), closes #17938

fix(deps): bump tsconfck (#17990) (8c661b2), closes #17990

fix(html): rewrite assets url in <template> (#17988) (413c86a), closes #17988

fix(preload): add crossorigin attribute in CSS link tags (#17930) (15871c7), closes #17930

chore: reduce diffs with v6 branch (#17942) (bf9065a), closes #17942

chore(deps): update all non-major dependencies (#17945) (cfb621e), closes #17945

chore(deps): update all non-major dependencies (#17991) (0ca53cf), closes #17991

5.4.2 (2024-08-20)

chore: remove stale TODOs (#17866) (e012f29), closes #17866

refactor: remove redundant prepend/strip base (#17887) (3b8f03d), closes #17887

fix: resolve relative URL generated by renderBuiltUrl passed to module preload (#16084) (fac3a8e), closes #16084

feat: support originalFilename (#17867) (7d8c0e2), closes #17867

5.4.1 (2024-08-15)

... (truncated)

Commits

f969176 release: v5.4.6
179b177 fix: avoid DOM Clobbering gadget in getRelativeUrlFromDocument (#18115)
6820bb3 fix: fs raw query (#18112)
37881e7 release: v5.4.5
faa2405 fix(preload): backport #18098, throw error preloading module as well (#18099)
54c55db release: v5.4.4
74a79c5 fix: backport #17997, ensure req.url matches moduleByEtag URL to avoid incorr...
d90ba40 fix: backport #18063, allow scanning exports from script module in svelte (...
8760293 fix(preload): backport #18046, allow ignoring dep errors (#18076)
ccbfc1a release: v5.4.3
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.0 to 5.4.6. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

commit cf13702 Author: Bálint Szekeres <szekeres@b4lint.hu> Date: Sat Nov 16 15:27:20 2024 +0100 await fix commit d54af3b Author: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Sat Nov 16 15:26:36 2024 +0100 Migrate to flat-cache v6 (feat-agency#62) * Migrate to flat-cache v6 * unified file cache, use node_modules/.vite/cache as cache directory --------- Co-authored-by: Bálint Szekeres <szekeres@b4lint.hu> commit ce8182a Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:52:04 2024 +0100 Bump rollup from 4.20.0 to 4.22.4 (feat-agency#60) Bumps [rollup](https://github.com/rollup/rollup) from 4.20.0 to 4.22.4. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.20.0...v4.22.4) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit cf452a0 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:51:57 2024 +0100 Bump axios from 1.7.3 to 1.7.4 (feat-agency#59) Bumps [axios](https://github.com/axios/axios) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 03b3462 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:51:48 2024 +0100 Bump vite from 5.4.0 to 5.4.6 (feat-agency#58) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.0 to 5.4.6. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit fbac156 Author: Bálint Szekeres <szekeres@b4lint.hu> Date: Tue Aug 13 17:04:06 2024 +0200 run test on pull_request

* Add required type for options with defaults, Add option to move fonts to separate folder * fix error on empty string * Bump version * Update readme.md * Fix vulnerable dependency * Add warning note to embedFonts option * Fix lint errors in tests * Squashed commit of the following: commit cf13702 Author: Bálint Szekeres <szekeres@b4lint.hu> Date: Sat Nov 16 15:27:20 2024 +0100 await fix commit d54af3b Author: Jesper Noordsij <45041769+jnoordsij@users.noreply.github.com> Date: Sat Nov 16 15:26:36 2024 +0100 Migrate to flat-cache v6 (#62) * Migrate to flat-cache v6 * unified file cache, use node_modules/.vite/cache as cache directory --------- Co-authored-by: Bálint Szekeres <szekeres@b4lint.hu> commit ce8182a Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:52:04 2024 +0100 Bump rollup from 4.20.0 to 4.22.4 (#60) Bumps [rollup](https://github.com/rollup/rollup) from 4.20.0 to 4.22.4. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.20.0...v4.22.4) --- updated-dependencies: - dependency-name: rollup dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit cf452a0 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:51:57 2024 +0100 Bump axios from 1.7.3 to 1.7.4 (#59) Bumps [axios](https://github.com/axios/axios) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: axios dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 03b3462 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri Nov 15 19:51:48 2024 +0100 Bump vite from 5.4.0 to 5.4.6 (#58) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.0 to 5.4.6. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit fbac156 Author: Bálint Szekeres <szekeres@b4lint.hu> Date: Tue Aug 13 17:04:06 2024 +0200 run test on pull_request * renamed `fontsSubfolder` to `assetsSubfolder`, additional security --------- Co-authored-by: Bálint Szekeres <szekeres@b4lint.hu>

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 17, 2024

0xb4lint merged commit 03b3462 into master Nov 15, 2024
4 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/vite-5.4.6 branch November 15, 2024 18:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump vite from 5.4.0 to 5.4.6 #58

Bump vite from 5.4.0 to 5.4.6 #58

Bump vite from 5.4.0 to 5.4.6 #58

Bump vite from 5.4.0 to 5.4.6 #58

Conversation

5.4.6 (2024-09-16)

5.4.5 (2024-09-13)

5.4.4 (2024-09-11)

5.4.3 (2024-09-03)

5.4.2 (2024-08-20)

5.4.1 (2024-08-15)