Bump the npm_and_yarn group across 12 directories with 9 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /compiler/internal/vm/debugger/tools/lldb-dap/extension directory: brace-expansion and picomatch.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/foundation/test directory: @nestjs/core, astro, happy-dom and nodemailer.
Bumps the npm_and_yarn group with 1 update in the /compiler/internal/vm/foundation/test/cli/install/migration/contoso-test directory: brace-expansion.
Bumps the npm_and_yarn group with 2 updates in the /compiler/internal/vm/foundation/test/cli/install/migration/yarn/yarn-cli-repo directory: brace-expansion and handlebars.
Bumps the npm_and_yarn group with 2 updates in the /compiler/internal/vm/foundation/test/integration/vite-build/the-test-app directory: nodemailer and vite.
Bumps the npm_and_yarn group with 1 update in the /compiler/internal/vm/foundation/test/js/third_party/astro directory: astro.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/libconsepts/dynamic_bitset/doc directory: brace-expansion, picomatch, handlebars and convict.
Bumps the npm_and_yarn group with 1 update in the /compiler/internal/vm/libconsepts/msm/doc directory: picomatch.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/libconsepts/openmethod/doc directory: brace-expansion, picomatch, handlebars and convict.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/libconsepts/redis/doc directory: brace-expansion, picomatch, handlebars and convict.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/libconsepts/unordered/doc directory: brace-expansion, picomatch, handlebars and convict.
Bumps the npm_and_yarn group with 4 updates in the /compiler/internal/vm/libconsepts/url/doc directory: brace-expansion, picomatch, handlebars and convict.

Updates brace-expansion from 2.0.2 to 2.0.3

Commits

• 73b5459 2.0.3
• 311ac0d Backport fix for GHSA-f886-m6hf-6m8v to v2 (#96)
• See full diff in compare view

Updates brace-expansion from 1.1.12 to 1.1.13

Commits

• 73b5459 2.0.3
• 311ac0d Backport fix for GHSA-f886-m6hf-6m8v to v2 (#96)
• See full diff in compare view

Updates picomatch from 2.3.1 to 2.3.2

Release notes

Sourced from picomatch's releases.

2.3.2

This is a security release fixing several security relevant issues.

What's Changed

• fix: exception when glob pattern contains constructor by @​Jason3S in micromatch/picomatch#144
• Fix for CVE-2026-33671
• Fix for CVE-2026-33672

Full Changelog: micromatch/picomatch@2.3.1...2.3.2

Changelog

Sourced from picomatch's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

• Changelogs are for humans, not machines.
• There should be an entry for every single version.
• The same types of changes should be grouped.
• Versions and sections should be linkable.
• The latest version comes first.
• The release date of each versions is displayed.
• Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

• Added for new features.
• Changed for changes in existing functionality.
• Deprecated for soon-to-be removed features.
• Removed for now removed features.
• Fixed for any bug fixes.
• Security in case of vulnerabilities.

4.0.0 (2024-02-07)

Fixes

• Fix bad text values in parse #126, thanks to @​connor4312

Changed

• Remove process global to work outside of node #129, thanks to @​styfle
• Add sideEffects to package.json #128, thanks to @​frandiox
• Removed os, make compatible browser environment. See #124, thanks to @​gwsbhqt

3.0.1

Fixes

... (truncated)

Commits

• 81cba8d Publish 2.3.2
• fc1f6b6 Merge commit from fork
• eec17ae Merge commit from fork
• 78f8ca4 Merge pull request #156 from micromatch/backport-144
• 3f4f10e Merge pull request #144 from Jason3S/jdent-object-properties
• See full diff in compare view

Updates @nestjs/core from 11.0.3 to 11.1.18

Release notes

Sourced from @​nestjs/core's releases.

v11.1.18 (2026-04-03)

Bug fixes

• microservices
  • #16675 fix(microservices): preserve packet headers in nats serializer (@​wwenrr)
• core
  • #16683 fix(core): prevent injector hang when design:paramtypes is missing (@​Youmoo)
  • #16637 fix(core): dependency injection edge case with moduleref.create (@​JakobStaudinger)
  • nestjs/nest#16686 fix(core): sanitize sse message

Dependencies

• core, platform-express, platform-fastify
  • #16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@​renovate[bot])
• platform-fastify
  • #16623 fix(deps): update dependency fastify to v5.8.4 (@​renovate[bot])
• platform-ws
  • #16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@​dependabot[bot])
• common
  • #16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@​dependabot[bot])

Committers: 6

• Ankit San (@​ankitbelal)
• Jakob Staudinger (@​JakobStaudinger)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Krishna Chaitanya (@​Krishnachaitanyakc)
• MK (@​wwenrr)
• youmoo (@​Youmoo)

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

Dependencies

• common
  • #16567 fix(deps): update dependency file-type to v21.3.2 (@​renovate[bot])
• platform-fastify
  • #16533 fix(deps): update dependency fastify to v5.8.2 (@​renovate[bot])

Committers: 3

• Rohan Santhosh Kumar (@​Rohan5commit)
• Vasil Chomakov (@​vchomakov)
• Kamil Mysliwiec (@​kamilmysliwiec)

... (truncated)

Commits

• 3c1cc5f chore(release): publish v11.1.18 release
• 0f962c7 fix(core): sanitize sse message
• 94aa424 Merge pull request #16679 from nestjs/renovate/path-to-regexp-8.x
• 368691c fix(core): prevent injector hang when design:paramtypes is missing
• 25d4fde fix(deps): update dependency path-to-regexp to v8.4.2
• 5c0b11e fix(deps): update dependency path-to-regexp to v8.4.1
• f7d4460 Merge pull request #16637 from JakobStaudinger/moduleref-create-transient-sco...
• d0a9dc9 fix(deps): update dependency path-to-regexp to v8.4.0
• 4677434 feat(core): export IEntryNestModule type
• 7493b94 fix(core): dependency injection edge case with moduleref.create
• Additional commits viewable in compare view

Updates astro from 5.5.5 to 5.18.1

Release notes

Sourced from astro's releases.

astro@5.18.1

Patch Changes

• Updated dependencies [c2cd371]:
  • @​astrojs/internal-helpers@​0.7.6
  • @​astrojs/markdown-remark@​6.3.11

Changelog

Sourced from astro's changelog.

5.18.1

Patch Changes

• Updated dependencies [c2cd371]:
  • @​astrojs/internal-helpers@​0.7.6
  • @​astrojs/markdown-remark@​6.3.11

5.18.0

Minor Changes

• #15589 b7dd447 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

  This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

  If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

  // astro.config.mjs
  export default defineConfig({
    security: {
      actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
    },
  });

Patch Changes

• #15594 efae11c Thanks @​qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

5.17.3

Patch Changes

• #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

• #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

• c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

5.17.1

Patch Changes

• #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

... (truncated)

Commits

• 434d9cc [ci] release (#15829)
• c2cd371 fix(helpers): Backport remote patterns segments fix (#15828)
• 011f061 [ci] release (#15597)
• efae11c fix: X-Forwarded-Proto rejected when allowedDomains includes protocol… (#15594)
• 751ccf0 Update actionBodySizeLimit changeset and make minor (#15600)
• b7dd447 make actionBodySizeLimit configurable (#15589)
• e0f1a2b [ci] release (#15571)
• 522f880 Limit action request body size (#15564)
• 436962a chore: Upgrade Vite and esbuild (#15554)
• e01e98b Respect remote image allowlists (#15569)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.

Updates happy-dom from 17.0.3 to 20.8.9

Release notes

Sourced from happy-dom's releases.

v20.8.9

👷‍♂️ Patch fixes

• Fixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By @​capricorn86 in task #2117
  • A security advisory (GHSA-w4gp-fjgq-3q4g) was reported for this security vulnerability. Big thanks to @​r74tech for reporting this!

v20.8.8

👷‍♂️ Patch fixes

• Fixes issue where export names can be interpolated as executable code in ESM - By @​capricorn86 in task #2113
  • A security advisory (GHSA-6q6h-j7hj-3r64) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to @​tndud042713 for reporting this!

v20.8.7

👷‍♂️ Patch fixes

• Replace implementing Node.js Console with common IConsole interface to support latest version of Bun - By @​YevheniiKotyrlo in task #1845

v20.8.6

👷‍♂️ Patch fixes

• Request.formData() should honor "Content-Type" header - By @​brianhelba in task #2106

v20.8.5

👷‍♂️ Patch fixes

• Fixes error thrown when modifying DOM structure in connectedCallback() - By @​capricorn86 in task #2110

v20.8.4

👷‍♂️ Patch fixes

• Replace ConsoleConstructor import with indexed access type - By @​YevheniiKotyrlo in task #1845

v20.8.3

👷‍♂️ Patch fixes

• Throw error if event is not of type Event in EventTarget.dispatchEvent() - By @​capricorn86 in task #2054

v20.8.2

👷‍♂️ Patch fixes

• Resets Event.cancelBubble and Event.defaultPrevented when calling Event.initEvent() - By @​capricorn86 in task #2090

v20.8.1

👷‍♂️ Patch fixes

• Make "inert" attribute block focus interactions - By @​coffeeandwork in task #1422

v20.8.0

🎨 Features

• Adds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By @​coffeeandwork in task #1733

v20.7.2

👷‍♂️ Patch fixes

• Properly decode CSS escape sequences in attribute selector values - By @​silverwind

v20.7.1

👷‍♂️ Patch fixes

• Fixes issue related to parsing direct descendants (>) and universal (*) query selectors - By @​Cherry in task #2078

... (truncated)

Commits

• 68324c2 fix: #2117 Fixes issue related to cookies from the current origin being for...
• 5437fdf fix: #2113 Fixes issue where export names can be interpolated as executable...
• 7e97acb fix: #1845 Replace implementing Node js Console with common IConsole interf...
• 3373929 fix: #2106 Request.formData() should honor Content-Type header (#2107)
• 55c17ba fix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...
• 82a0888 fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)
• 5998eea fix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)
• 7a11238 fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...
• 7d27984 fix: #1422 Make inert attribute block focus interactions (#2083)
• 53e4ec9 feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...
• Additional commits viewable in compare view

Updates nodemailer from 6.9.3 to 8.0.4

Release notes

Sourced from nodemailer's releases.

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

7.0.13 (2026-01-27)

... (truncated)

Commits

• 2d31975 chore(master): release 8.0.4 (#1806)
• 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
• 4e702e9 chore(master): release 8.0.3 (#1804)
• c803d90 fix: remove familySupportCache that broke DNS resolution tests
• e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
• 0e78ee1 chore: update dependencies
• af73b4c chore: upgrade GitHub Actions to latest versions
• 604b570 chore: simplify remaining lib modules for clarity and consistency
• 4ced83d chore: simplify shared, errors, mailer, mime-node, and mime-funcs modules
• 0cba16e chore: simplify smtp-pool with const, Object.assign, and cleaner control flow
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.

Updates brace-expansion from 2.0.1 to 2.0.3

Commits

• 73b5459 2.0.3
• 311ac0d Backport fix for GHSA-f886-m6hf-6m8v to v2 (#96)
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.13

Commits

• 73b5459 2.0.3
• 311ac0d Backport fix for GHSA-f886-m6hf-6m8v to v2 (#96)
• See full diff in compare view

Updates handlebars from 4.0.11 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

... (truncated)

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates nodemailer from 6.10.1 to 8.0.4

Release notes

Sourced from nodemailer's releases.

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

v8.0.3

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.4 (2026-03-25)

Bug Fixes

• sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

• clean up addressparser and fix group name fallback producing undefined (9d55877)
• fix cookie bugs, remove dead code, and improve hot-path efficiency (e8c8b92)
• refactor smtp-connection for clarity and add Node.js 6 syntax compat test (c5b48ea)
• remove familySupportCache that broke DNS resolution tests (c803d90)

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

7.0.13 (2026-01-27)

... (truncated)

Commits

• 2d31975 chore(master): release 8.0.4 (#1806)
• 2d7b971 fix: sanitize envelope size to prevent SMTP command injection
• 4e702e9 chore(master): release 8.0.3 (#1804)
• c803d90 fix: remove familySupportCache that broke DNS resolution tests
• e8c8b92 fix: fix cookie bugs, remove dead code, and improve hot-path efficiency
• 0e78ee1 chore: update dependencies
• af73b4c chore: upgrade GitHub Actions to latest versions
• 604b570 chore: simplify remaining lib modules for clarity and consistency
• 4ced83d chore: simplify shared, errors, mailer, mime-node, and mime-funcs modules
• 0cba16e chore: simplify smtp-pool with const, Object.assign, and cleaner control flow
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.

Updates vite from 5.4.21 to 8.0.5

Release notes

Sourced from vite's releases.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

v8.0.0-beta.15

Please refer to CHANGELOG.md for details.

v8.0.0-beta.14

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (

[dependabot]

Superseded by #53.