chore(deps-dev): bump vite from 8.0.0 to 8.0.5

[dependabot]

Bumps vite from 8.0.0 to 8.0.5.

Release notes

Sourced from vite's releases.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

• allow esbuild 0.28 as peer deps (#22155) (b0da973)
• hmr: truncate list of files on hmr update (#21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

• hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#22043) (99897d2)
• add types for vite/modulepreload-polyfill (#22126) (17330d2)
• deps: update all non-major dependencies (#22073) (6daa10f)
• deps: update all non-major dependencies (#22143) (22b0166)
• resolve: resolve tsconfig paths starting with # (#22038) (3460fc5)
• ssr: use browser platform for webworker SSR builds (fix #21969) (#21963) (364c227)

Documentation

• add environment.fetchModule documentation (#22035) (54229e7)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#21989) (0ded627)

Code Refactoring

• upgrade to typescript 6 (#22110) (cc41398)

8.0.3 (2026-03-26)

Features

• update rolldown to 1.0.0-rc.12 (#22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#22019) (cff5f0c)

Miscellaneous Chores

... (truncated)

Commits

• 1a12d4c release: v8.0.5
• 79f002f fix: avoid path traversal with optimize deps sourcemap handler (#22161)
• a9a3df2 fix: check server.fs after stripping query as well (#22160)
• f02d9fd fix: apply server.fs check to env transport (#22159)
• f05f501 fix: disallow referencing files outside the package from sourcemap (#22158)
• 7339bdc release: v8.0.4
• 54229e7 docs: add environment.fetchModule documentation (#22035)
• b0da973 feat: allow esbuild 0.28 as peer deps (#22155)
• 22b0166 fix(deps): update all non-major dependencies (#22143)
• 17330d2 fix: add types for vite/modulepreload-polyfill (#22126)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9935a62

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Cloudflare Pages Deployment

Event Name: pull_request
Environment: preview
Project: cloudflare-pages-action
Built with commit: 0d26836
Preview URL: https://c3110d1a.cloudflare-pages-action-a5z.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-vite-bnsb.cloudflare-pages-action-a5z.pages.dev

Wrangler Output

⛅️ wrangler 4.75.0 (update available 4.80.0)
─────────────────────────────────────────────
Uploading... (3/3)
✨ Success! Uploaded 0 files (3 already uploaded) (0.68 sec)

✨ Uploading _headers
✨ Uploading Functions bundle
🌎 Deploying...
✨ Deployment complete! Take a peek over at https://c3110d1a.cloudflare-pages-action-a5z.pages.dev
✨ Deployment alias URL: https://dependabot-npm-and-yarn-vite-bnsb.cloudflare-pages-action-a5z.pages.dev