Skip to content

fix(frontend): upgrade vite to 8.0.8 and resolve esbuild security vulnerability#19

Open
lzw-git-all wants to merge 1 commit intolibrae8226:masterfrom
lzw-git-all:fix/upgrade-vite
Open

fix(frontend): upgrade vite to 8.0.8 and resolve esbuild security vulnerability#19
lzw-git-all wants to merge 1 commit intolibrae8226:masterfrom
lzw-git-all:fix/upgrade-vite

Conversation

@lzw-git-all
Copy link
Copy Markdown
Contributor

@lzw-git-all lzw-git-all commented Apr 13, 2026
edited
Loading

Summary

  • Upgrade vite from 5.4.14 to 8.0.8
  • Resolve esbuild security vulnerability (CVE in transitive dependency)

Test plan

  • Verify frontend builds correctly
  • Test development server
  • Confirm production build works

🤖 Generated with Claude Code

@lzw-git-all @claude
fix(frontend): upgrade vite to 8.0.8 and resolve esbuild security vul…
64eebb1 
…nerability

- Upgraded vite from 5.4.21 to 8.0.8
- Upgraded @vitejs/plugin-react from 4.7.0 to 6.0.1
- Upgraded postcss from 8.5.8 to 8.5.9
- Added "type": "module" to package.json (fix Node.js warning)
- Changed rollupOptions to rolldownOptions (Vite 8 bundler change)
- Changed manualChunks from object to function form (Rolldown requirement)
- Fixed 2 moderate security vulnerabilities (esbuild GHSA-67mh-4wv8-2f99)

Verified: build succeeds, chunks split correctly (vendor, xterm)

Co-Authored-By: Claude <noreply@anthropic.com>
@librae8226
Copy link
Copy Markdown
Owner

librae8226 commented Apr 13, 2026

Test Results

Tested this PR locally on WSL2 (Node.js v24.14.0) — build fails with a fatal error:

> tsc && vite build
Bus error (core dumped)

tsc passes cleanly, but vite build crashes immediately. This is likely caused by Rolldown (Vite 8's new Rust-based bundler) being unstable on WSL2.

For reference, the original Vite 5 build completes successfully in ~11s on the same machine.

Additional concerns:

  • This upgrades Vite 5 → 8 in a single jump, skipping all breaking changes in v6 and v7
  • The test plan checklist is unchecked — no verification was done before opening
  • rollupOptionsrolldownOptions is the right direction for Vite 8, but the build doesn't work in this environment

Leaving this open for now. A more conservative path would be upgrading to Vite 6.x first and verifying the build on the target platform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lzw-git-all @librae8226