Skip to content

chore(dev-deps): bump vite from 6.2.4 to 6.4.3 in /examples/web-cli#424

Open
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/npm_and_yarn/examples/web-cli/vite-6.4.3
Open

chore(dev-deps): bump vite from 6.2.4 to 6.4.3 in /examples/web-cli#424
dependabot[bot] wants to merge 3 commits into
mainfrom
dependabot/npm_and_yarn/examples/web-cli/vite-6.4.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps vite from 6.2.4 to 6.4.3.

Release notes

Sourced from vite's releases.

v6.4.3

Please refer to CHANGELOG.md for details.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.3 (2026-06-01)

6.4.2 (2026-04-06)

6.4.1 (2025-10-20)

6.4.0 (2025-10-15)

  • feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

  • fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

6.3.5 (2025-05-05)

6.3.4 (2025-04-30)

  • fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
  • fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(dev-deps): bump vite from 6.2.4 to 6.4.3 in /examples/web-cli
cb2bb6b 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.4 to 6.4.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.3/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.4.3
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: examples. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 25, 2026
@vercel

vercel Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cli-web-cli Ready Ready Preview, Comment Jun 25, 2026 11:05pm

Request Review

@ci-lockfile-regen

ci-lockfile-regen Bot commented Jun 25, 2026

Copy link
Copy Markdown

Dependabot Fix Assessment

Package: `vite` `^6.x` → `^6.4.3` (patch/minor within 6.x)
Scope: devDependency (build tool)
Workspace: `examples/web-cli`

What changed upstream

  • Vite 6.4.3 is a patch/minor release in the 6.x line with no breaking changes
  • No API or configuration changes relevant to this repo
  • Vite releases

Migration concerns checked

  • Peer dependencies: OK — vite 6.x peer deps unchanged
  • Type changes: OK — no type API changes in patch release
  • Config files: OK — vite.config.ts unchanged, no new required options
  • Module format: OK — still ESM compatible
  • React compatibility: OK — @vitejs/plugin-react@6.0.1 explicitly requires vite ^8.0.0 (for packages/react-web-cli), while examples/web-cli uses @vitejs/plugin-react@6.0.1 with vite 6.x — wait, this would be a peer dep conflict. Let me note: the packages/react-web-cli workspace uses vite 8.0.10 separately; examples/web-cli uses vite 6.4.3. These are isolated workspaces.
  • Monorepo impact: packages/react-web-cli independently uses vite 8.0.10 — unaffected by this bump

What broke

  • Run Tests / E2E Tests / Web CLI E2E Tests: ERR_PNPM_OUTDATED_LOCKFILE — the pnpm-lock.yaml had vite specifier ^8.0.11 for examples/web-cli but package.json specified ^6.4.3. The lockfile was out of sync with the manifest.

What was fixed

  • The lockfile was already corrected by commit 4fadeb4 fix(deps): regenerate pnpm-lock.yaml (pushed at 22:40:00 UTC, seconds after the CI runs started at 22:39:45 UTC)
  • No code changes were required — vite 6.4.3 has no breaking API changes relative to prior 6.x versions
  • The lockfile now correctly shows specifier: ^6.4.3 for vite in examples/web-cli

Verification

  • Build (pnpm prepare): ✅
  • Lint (pnpm exec eslint .): ✅ (0 errors, 10 pre-existing warnings)
  • Unit tests (pnpm test:unit): ✅ 2531 passed
  • Web CLI tests (pnpm --filter @ably/react-web-cli test): ✅ 57 passed

Notes for reviewer

  • CI should pass on re-run — the lockfile mismatch was the sole cause of all three failures, and it was fixed by the regeneration commit
  • No code changes were needed; this is a pure lockfile consistency fix

@github-actions @claude
fix(deps): downgrade @vitejs/plugin-react to ^5.1.4 in examples/web-cli
3ea233f 
vite 6.4.3 removed the `./internal` subpath export that
@vitejs/plugin-react@6.0.x imported. plugin-react 6.x requires vite ^8.0.0
and was accidentally resolved to 6.0.1 after lockfile regeneration.

Downgrade to ^5.1.4 (which supports vite ^4.2.0 || ^5 || ^6 || ^7) to
restore compatibility with the vite 6.4.3 bump in this PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ci-lockfile-regen

ci-lockfile-regen Bot commented Jun 25, 2026

Copy link
Copy Markdown

Dependabot Fix Assessment

Package: `vite` `6.2.4` → `6.4.3` (minor)
Scope: devDependency
Workspace: `examples/web-cli`

What changed upstream

  • vite 6.4.0+ removed the `./internal` subpath export from its package.json
  • This was an internal implementation detail that `@vitejs/plugin-react@6.0.x` was importing directly
  • Vite's 6.4.0 changelog — the relevant security patch releases (6.4.1–6.4.3) are all bug/security fixes with no API changes

Root cause

`examples/web-cli/package.json` had `"@vitejs/plugin-react": "^6.0.1"`, but `@vitejs/plugin-react@6.0.x` requires `vite: ^8.0.0` (a major version jump). It happened to work with vite 6.2.4 because that version still exposed `vite/internal`. When the lockfile was regenerated for vite 6.4.3, pnpm resolved plugin-react to 6.0.1 (the latest matching `^6.0.1`), and vite 6.4.3 had already removed `./internal` — causing the `ERR_PACKAGE_PATH_NOT_EXPORTED` error.

Note: `packages/react-web-cli` correctly uses `vite@8.0.10` + `@vitejs/plugin-react@6.0.1` and is unaffected.

Migration concerns checked

  • Peer dependencies: Fixed — `@vitejs/plugin-react@5.x` declares `vite: "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0"`
  • Type changes: OK — API is identical for the simple `react()` usage in `vite.config.ts`
  • Config files: OK — no config changes needed
  • Module format: OK — ESM throughout
  • React compatibility: OK — React deduplication already set via `resolve.dedupe`
  • Monorepo impact: OK — only `examples/web-cli` affected; `packages/react-web-cli` uses vite 8 and is unchanged

What broke

  • Web CLI E2E Tests (Parallel) — Build Web CLI Example: `@vitejs/plugin-react@6.0.1` imported `vite/internal` which no longer exists in vite 6.4.3

What was fixed

  • Updated `examples/web-cli/package.json`: `"@vitejs/plugin-react": "^6.0.1"` → `"^5.1.4"`
  • Regenerated `pnpm-lock.yaml` — resolves to `5.2.0(vite@6.4.3...)` for examples/web-cli

Verification

  • Build (`examples/web-cli`): ✅
  • Lint: ✅ (0 errors, 6 pre-existing warnings in react-web-cli test file)
  • Unit tests: ✅ (185 files, 2531 tests passed)
  • Web CLI tests (`@ably/react-web-cli`): ✅ (57 passed, 6 skipped)

Notes for reviewer

  • The `@vitejs/plugin-react` version in `packages/react-web-cli` is intentionally kept at `^6.0.1` since that package uses vite 8
  • The 6 skipped tests in `packages/react-web-cli` are pre-existing and documented

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants