
chore(deps-dev): bump vite from 6.4.1 to 6.4.2 #9019

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/vite-6.4.2


dependabot bot commented on behalf of github Apr 7, 2026

Bumps vite from 6.4.1 to 6.4.2.

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 7, 2026

github-actions bot commented Apr 7, 2026

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

PR Title

  • Current: chore(deps-dev): bump vite from 6.4.1 to 6.4.2
  • Issue: None — title is clear and follows conventional commit style for a dependency bump.
  • Recommendation: Keep as-is. (Good: specifies the package and version change.)

Commit Type

  • The PR body does not follow the repository's required PR body template and does not include the explicit "Commit Type" checklist selection.
  • Note: From the title this is a chore (dependency update). Please add the PR template's Commit Type section and select exactly one box. Example: - [x] chore.

Risk Level

  • Assessment: The PR body did not include the required Risk Level section. The PR also has no risk label (expected one of risk:low, risk:medium, risk:high).
  • Advised risk: Low — this is a patch/minor dependency bump of vite (6.4.1 → 6.4.2) and supporting lockfile updates. The changes are primarily dev dependency and lockfile updates across apps/libs. However the diff also updates rollup, esbuild, and introduces/updates lightningcss optional binaries in the lockfile; those are commonly low-risk but can affect builds, so run CI + build validation.
  • Recommendation: Add the Risk Level section to the PR body and select exactly one option. Then add the corresponding label to the PR (example: add label risk:low). If you disagree with the advised risk (e.g., you know this change impacts runtime or release pipelines), explain why and choose higher risk and the matching label.

What & Why

  • Current: (Dependabot auto-generated changelog & release notes)
  • Issue: The repository expects a short "What & Why" section following the template. The Dependabot notes are helpful but do not fill the template fields.
  • Recommendation: Replace or augment the PR body with a concise PR template "What & Why". Example text to paste into the PR body:
    • What & Why: "Bumps vite from 6.4.1 to 6.4.2 across apps/libs to pull in bug fixes (server.fs/security/path-traversal fixes) and dependency alignments. This is a dev dependency bump and updates pnpm lock entries accordingly."

Impact of Change

  • Issue: The PR body does not provide the Impact of Change section required by the template.
  • Recommendation: Add Impact of Change with short bullets. Suggested content based on the diff:
    • Users: None (no runtime user-facing changes; dev/build tooling only).
    • Developers: Build/tooling may be affected — ensure local builds and dev server work after the upgrade.
    • System: CI/build agents may pull updated optional native binaries (esbuild, rollup, lightningcss). Verify CI caches and build containers still work.

Test Plan

  • Assessment: The PR does not include the Test Plan checklist or any explanation for manual testing.
  • Issue: For dependency bumps, the repo requires CI and/or local verification notes. No unit/E2E tests were added (expected for dependency bumps), but there is no test plan/validation described.
  • Recommendation: Add a Test Plan section. At minimum, indicate CI status and steps you ran locally. Example checklist and steps to paste:
    • Unit tests added/updated (not applicable)
    • E2E tests added/updated (not applicable)
    • Manual testing completed
    • Manual testing steps: yarn install / pnpm install → pnpm -w build → pnpm -w test → start dev server pnpm --filter apps/Standalone dev and verify onboarding pages load. Attach CI run link or results.

If tests are intentionally omitted, add a short justification (e.g., "no code changes, only dev dependency bump; CI runs will validate builds").

⚠️ Contributors

  • Assessment: Contributors section is blank. This is optional but recommended.
  • Recommendation: Add a short Contributors section if other team members reviewed or helped. If none, you can leave blank, but consider crediting reviewers when appropriate.

⚠️ Screenshots/Videos

  • Assessment: Not applicable (no UI changes). Optional to include.
  • Recommendation: No screenshots required.

Summary Table

| Section | Status | Recommendation |
|---|---|---|
| Title | | Keep title as-is: chore(deps-dev): bump vite from 6.4.1 to 6.4.2 |
| Commit Type | | Add Commit Type to PR body and check exactly one box; e.g., - [x] chore |
| Risk Level | | Add Risk Level section and label PR risk:low (or explain why higher) |
| What & Why | | Add brief What & Why (one-liner + reason) — see recommended text above |
| Impact of Change | | Add Impact bullets: Users/Developers/System — see recommended text above |
| Test Plan | | Add Test Plan + CI verification steps (see recommendation) |
| Contributors | ⚠️ | Optional: add contributors if anyone else contributed reviews/ideas |
| Screenshots/Videos | ⚠️ | Not required for dependency bump |

Final message:
This PR cannot pass the repository PR-body checks because the required PR template sections are missing (Commit Type, Risk Level, What & Why, Impact, Test Plan). The code changes themselves are a dependency bump that appears low risk, but please do the following to make the PR acceptable:

  1. Edit the PR description to include the repository PR template sections. Use the suggested copy above for What & Why, Impact, and Test Plan.
  2. Select exactly one Commit Type (e.g., chore) and exactly one Risk Level (based on my assessment, choose Low and add label risk:low).
  3. Add a Test Plan entry describing the CI status and the local validation steps you ran (build, run dev server, run tests). If CI already ran green, add that link or note.
  4. If you want extra assurance, run the build matrix and post the results or include a note that CI passed for main branches.

Once you update the PR body and add the appropriate risk label, re-request review and CI can validate the bump. Thank you!


Last updated: Tue, 07 Apr 2026 04:31:28 GMT


github-actions bot commented Apr 7, 2026

📊 Coverage Check

No source files changed in this PR.


Labels

dependencies (Pull requests that update a dependency file), javascript (Pull requests that update javascript code), needs-pr-update
