Skip to content

chore: bump the npm-patch-minor group across 1 directory with 2 updates#40

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patch-minor-3429efe0be
Closed

chore: bump the npm-patch-minor group across 1 directory with 2 updates#40
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-patch-minor-3429efe0be

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-patch-minor group with 2 updates in the / directory: @types/node and vite-plus.

Updates @types/node from 26.0.1 to 26.1.0

Commits

Updates vite-plus from 0.2.1 to 0.2.2

Release notes

Sourced from vite-plus's releases.

vite-plus v0.2.2: Vite+ Beta

Vite+ is now in Beta: stable and ready for production adoption, fully open source under MIT. Read the announcement to see what Vite+ is about and where it is headed: Announcing Vite+ Beta.

On top of the Beta milestone, this release brings cross-version upgrades via vp migrate, an official Docker toolchain image on GHCR, zero-config runner-aware vp build caching, and PGP-verified managed Node.js downloads.

Highlights

  • vp migrate upgrades existing Vite+ projects across versions: previous release notes told users not to run vp migrate for upgrades. It now runs from the global CLI when the local one is older, re-pins vite-plus and the vite -> @voidzero-dev/vite-plus-core alias across dependencies, overrides/resolutions, and catalogs in every workspace package, aligns vitest / @vitest/* by actual usage, and defaults to a version-only upgrade (pass --full to also run the first-time setup bucket: hooks, editor, agent files, lint migration) (#1891), by @​fengmk2
  • Official Vite+ Docker toolchain image: ghcr.io/voidzero-dev/vite-plus bundles vp plus a native build toolchain on debian:bookworm-slim (amd64/arm64, non-root). Since vp provisions the exact Node.js from .node-version, one image builds any project, and a documented multi-stage build copies the resolved Node.js into a small vp-free runtime stage (#1944), by @​fengmk2
  • Zero-config vp build caching via runner-aware Vite: Vite reports its inputs, outputs, and tracked env reads to the vp runner over the new @voidzero-dev/vite-task-client IPC (vite#22453), so vp build caches correctly with no hand-written cache config: outputs are tracked and restored automatically, and a changed VITE_* env var invalidates the cache and is named in the cache-miss message (#1774), by @​wan9chi
  • PGP-verified Node.js downloads: installing a managed Node.js now verifies the release's clearsigned SHASUMS256.txt.asc against the vendored Node.js release keyring (pure Rust, no gpg required) before trusting any checksum, so a tampered archive is rejected before install; unsigned sources (musl builds, custom mirrors) fall back to checksum-only verification (#1848), by @​fengmk2

Features

  • vp check: a check block in vite.config.ts (check.fmt / check.lint) can make plain vp check skip formatting or linting by default, mirroring --no-fmt / --no-lint; standalone vp fmt / vp lint and git hooks are unaffected, and a note: line keeps the config-based skip discoverable (#1981), by @​fengmk2
  • vp env list-remote: highlight installed versions (color, or a * prefix when piped) and label the project-resolved current and global default versions; --json gains installed / current / default fields (#1907), by @​semimikoh
  • vpr ships as a vite-plus package bin, so the vp run shorthand works on clean installs without global PATH shims (Vercel build image, generic CI runners) (#1988), by @​kvnwolf
  • Vite Task: dependsOn can select tasks from dependency packages, e.g. dependsOn: [{ "task": "build", "from": "dependencies" }] (vite-task#479), by @​wan9chi
  • Vite Task: a task's env / untrackedEnv glob patterns support ! negation (e.g. ["VITE_*", "!VITE_SECRET"]) (vite-task#425), and an env-caused cache miss now names the variable inline, e.g. cache miss: env 'NODE_ENV' changed (vite-task#438), by @​wan9chi
  • Upgrade upstream dependencies: vite 8.0.16 -> 8.1.2, rolldown 1.1.1 -> 1.1.4, oxlint 1.70.0 -> 1.72.0, oxfmt 0.55.0 -> 0.57.0, oxlint-tsgolint 0.23.0 -> 0.24.0, and the oxc toolchain 0.136.0 -> 0.138.0 (#1924, #1989, #2000, #2009), by @​voidzero-guard[bot]

Fixes & Enhancements

  • Windows: vp run no longer hangs CI when a node_modules/.bin .cmd shim is routed through PowerShell; the npm/pnpm/yarn .ps1 wrappers read stdin and block forever on a non-TTY pipe, so the PowerShell rewrite is now skipped when stdin is not an interactive terminal (vite-task#491, via #1973), by @​fengmk2
  • Vite Task: the task cache is stored in a per-schema-version directory (e.g. node_modules/.vite/task-cache/v13/), so switching between branches that pin different Vite+ versions no longer fails with Unrecognized database version (vite-task#433), by @​fengmk2
  • Vite Task: env values in cache fingerprints are stored only as SHA-256 digests and env cache-miss details report names without values (vite-task#455); prefix env assignments like PATH=... command now affect executable lookup during planning (vite-task#440); package.json / pnpm-workspace.yaml files with a UTF-8 BOM parse correctly (vite-task#424), by @​wan9chi
  • vp upgrade: run the pinned pnpm with a managed Node.js LTS directly instead of re-entering vp install, so an incompatible session/project/system runtime can no longer make pnpm skip optional native binaries and leave the upgraded CLI broken (#1900), by @​liangmiQwQ
  • Global package installs: each install writes to an immutable packages/<name>#<uuid> prefix that is activated via metadata after npm succeeds, so an interrupted reinstall can no longer leave the active package unavailable (#1906), and stale interrupted-install directories are swept with file-lock protection for concurrent installs (#1945), by @​liangmiQwQ
  • lazyPlugins(): skip plugin factories only while config metadata is being resolved instead of keying off VP_COMMAND, so builds spawned under vp run / vp exec keep the user's plugins and vp format no longer loads them (#1939), by @​fengmk2
  • vp migrate (pnpm): add a direct vite devDep aliased to the core override wherever vite-plus is depended on, so vitest's vite peer binds to @voidzero-dev/vite-plus-core instead of pulling in a second upstream vite that broke the vp test cache (#1933), by @​fengmk2
  • vp pack: bundle @tsdown/exe and @tsdown/css into core so --exe and CSS bundling work without a resolvable top-level tsdown; the native lightningcss becomes an optional peer loaded lazily with an actionable error (#1919), by @​fengmk2
  • vp env: invalidate stale shim resolve cache entries when the project's Node.js version source changes (#1951), by @​jong-kyung
  • Node shim: when the project declares npm via packageManager / devEngines.packageManager, child processes spawned from node resolve the managed npm instead of the Node-bundled one (#1938); vp env which reports bins linked by an intercepted npm install -g (e.g. tsc) instead of "not found" (#1968); bins with uppercase names (e.g. vitePlus) dispatch correctly (#1963), by @​liangmiQwQ
  • vp-setup: pass the configured npm registry to the inner pnpm install so setup works behind custom registries (#1795), by @​daflyinbed
  • Native binding: declare the platform packages' true ABI floor engines.node >=20.0.0 so engine-strict package managers (pnpm) no longer skip the optional native dependency and fail with Cannot find native binding when a consumer's Node floor lands in a product-policy gap (#1993), by @​fengmk2
  • vp create: run git init without creating an initial commit, so commitlint-configured templates no longer reject the hardcoded message and template placeholders are not baked into history (#2008), by @​forehalo
  • vp staged --debug: inline the bundled lint-staged version so debug logging no longer crashes reading a package.json that does not exist in the bundle (#1925), by @​rokuosan
  • Installer: retry downloads truncated mid-body in HttpClient::get_bytes (the platform-tarball path for vp upgrade and the standalone installer) (#1940), and clean up the temp dir when a package-manager install fails instead of leaking .tmpXXXX directories (#1949), by @​shulaoda
  • Windows/msys: normalize backslashes in the env.fish fallback path (#1954), by @​Aalivexy
  • install.ps1: detect the missing VC++ runtime (0xC0000135) and print VC++ Redistributable guidance instead of a generic failure; interactive irm | iex installs keep the shell open (#1962), by @​cheezone
  • vp migrate: preserve comments, key order, and trailing commas in existing .vscode / .zed JSONC configs by patching the original text instead of re-serializing it (#1956), by @​fengmk2
  • Migration: link the git hook warning to the migration guide (#1902), by @​naokihaba
  • vp info / vp view: use package-manager-native commands (pnpm view, bun info, yarn npm info) instead of routing every lookup through npm view (#1895), by @​jong-kyung
  • Correct overused ErrorConfig error types across the codebase (#1934), by @​liangmiQwQ

Refactor

  • vite_install: centralize Yarn v1/berry branching with is_yarn_berry (#1897), by @​jong-kyung

Docs

... (truncated)

Commits
  • 4f7fd0b release: v0.2.2 Vite+ Beta (#2016)
  • 6a5c472 test(snap): pin VP_VERSION to a published version in install fixtures (#2017)
  • 327d23a feat(migrate): upgrade existing Vite+ projects across versions (#1891)
  • 6c3f3b6 feat(cli): expose vpr as a package bin (#1988)
  • 6b7ad80 feat(deps): upgrade upstream dependencies (#2009)
  • 36535c3 fix(create): initialize git without an initial commit (#2008)
  • 1bc8637 feat(deps): upgrade upstream dependencies (#2000)
  • 3d49d4d feat(deps): upgrade upstream dependencies (#1989)
  • 6f7c2be fix(binding): declare native addon engines.node >=20.0.0 (#1993)
  • 914ca11 feat(check): support check.fmt/check.lint in vite.config.ts (#1981)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
Bumps the npm-patch-minor group with 2 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [vite-plus](https://github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli).


Updates `@types/node` from 26.0.1 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `vite-plus` from 0.2.1 to 0.2.2
- [Release notes](https://github.com/voidzero-dev/vite-plus/releases)
- [Commits](https://github.com/voidzero-dev/vite-plus/commits/v0.2.2/packages/cli)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-patch-minor
- dependency-name: vite-plus
  dependency-version: 0.2.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-patch-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore: bump the npm-patch-minor group with 2 updates chore: bump the npm-patch-minor group across 1 directory with 2 updates Jul 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-patch-minor-3429efe0be branch from 46b66a1 to 93a2be9 Compare July 6, 2026 18:01
@altaywtf

altaywtf commented Jul 6, 2026

Copy link
Copy Markdown
Member

Superseded by direct dependency-bump commit 9328146, which updates the package group and aligns the Vite+ core override in one verified change.

Verification: pnpm exec vp run verify.

🤖 AI-assisted via Codex, GPT-5.5, high reasoning

@altaywtf altaywtf closed this Jul 6, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-patch-minor-3429efe0be branch July 6, 2026 18:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant