Skip to content

chore: bump the npm-patch-minor group across 1 directory with 3 updates#42

Merged
altaywtf merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patch-minor-14723e99a0
Jul 14, 2026
Merged

chore: bump the npm-patch-minor group across 1 directory with 3 updates#42
altaywtf merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patch-minor-14723e99a0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-patch-minor group with 3 updates in the / directory: @types/node, vite-plus and vitest.

Updates @types/node from 26.1.0 to 26.1.1

Commits

Updates vite-plus from 0.2.2 to 0.2.4

Release notes

Sourced from vite-plus's releases.

vite-plus v0.2.4: Vitest security hotfix

This hotfix updates the bundled Vitest Browser Mode packages to 4.1.10, which includes the fix for GHSA-p63j-vcc4-9vmv. The advisory is critical and affects @vitest/browser <=4.1.9.

Highlights

  • Critical Vitest Browser Mode advisory fixed: bundled vitest and @vitest/browser* move from 4.1.9 to 4.1.10, addressing GHSA-p63j-vcc4-9vmv, where provider commands could bypass the file access permission gate (#2089), by @​voidzero-guard[bot]

Chore

  • Add the standard release-manager skill for vite-plus release operations (#2019), by @​fengmk2

Bundled Versions

Tool Version Source
vite 8.1.3 578ffb8
rolldown 1.1.4 6cbd233
tsdown 0.22.3 npm
vitest 4.1.10 npm
oxlint 1.72.0 npm
oxlint-tsgolint 0.24.0 npm
oxfmt 0.57.0 npm

Upgrade

vp upgrade

New Contributors

No new contributors in this release.

Full Changelog: voidzero-dev/vite-plus@v0.2.3...v0.2.4

Published Packages

  • @voidzero-dev/vite-plus-core@0.2.4
  • vite-plus@0.2.4

Installation

macOS/Linux:

curl -fsSL https://vite.plus | bash

Windows:

irm https://vite.plus/ps1 | iex
</tr></table> 

... (truncated)

Commits
  • 1ca9f0f release: v0.2.4: Vitest security hotfix
  • 747f0e5 fix(deps): upgrade vitest to 4.1.10
  • 7f70680 release: v0.2.3: config extraction, create, and vp run reliability fixes (#2081)
  • 4a5d742 fix(static_config): trust defineConfig from vite (#2075)
  • 603140d feat(test): PTY-based interactive CLI snapshot tests (#2052)
  • dcae79f fix(create): read org manifest from the tarball when the registry strips crea...
  • b9b15c4 fix(static_config): only trust defineConfig fromvite-plus (#2060)
  • 98cc0db ci: pack local dirs for the registry bridge instead of pkg.pr.new (#2038)
  • 638c447 fix(global): respect custom VP_HOME (#2029)
  • b99c778 refactor(cli): remove unused exported helpers (#2046)
  • Additional commits viewable in compare view

Updates vitest from 4.1.9 to 4.1.10

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
Bumps the npm-patch-minor group with 3 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@types/node` from 26.1.0 to 26.1.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `vite-plus` from 0.2.2 to 0.2.4
- [Release notes](https://github.com/voidzero-dev/vite-plus/releases)
- [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.2.4/packages/cli)

Updates `vitest` from 4.1.9 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-patch-minor
- dependency-name: vite-plus
  dependency-version: 0.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-patch-minor
- dependency-name: vitest
  dependency-version: 4.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-patch-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore: bump the npm-patch-minor group with 3 updates chore: bump the npm-patch-minor group across 1 directory with 3 updates Jul 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-patch-minor-14723e99a0 branch from 5c6676d to 172f24a Compare July 14, 2026 07:11
@altaywtf altaywtf merged commit f3f2b4d into main Jul 14, 2026
3 checks passed
@altaywtf altaywtf deleted the dependabot/npm_and_yarn/npm-patch-minor-14723e99a0 branch July 14, 2026 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant