Bump vite from 7.1.6 to 7.1.11 in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the / directory: vite.

Updates vite from 7.1.6 to 7.1.11

Release notes

Sourced from vite's releases.

v7.1.11

Please refer to CHANGELOG.md for details.

v7.1.10

Please refer to CHANGELOG.md for details.

v7.1.9

Please refer to CHANGELOG.md for details.

v7.1.8

Please refer to CHANGELOG.md for details.

v7.1.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

7.1.11 (2025-10-20)

Bug Fixes

• dev: trim trailing slash before server.fs.deny check (#20968) (f479cc5)

Miscellaneous Chores

• deps: update all non-major dependencies (#20966) (6fb41a2)

Code Refactoring

• use subpath imports for types module reference (#20921) (d0094af)

Build System

• remove cjs reference in files field (#20945) (ef411ce)
• remove hash from built filenames (#20946) (a817307)

7.1.10 (2025-10-14)

Bug Fixes

• css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#20767) (3a92bc7)
• css: respect emitAssets when cssCodeSplit=false (#20883) (d3e7eee)
• deps: update all non-major dependencies (879de86)
• deps: update all non-major dependencies (#20894) (3213f90)
• dev: allow aliases starting with // (#20760) (b95fa2a)
• dev: remove timestamp query consistently (#20887) (6537d15)
• esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#20906) (446eb38)
• normalize path before calling fileToBuiltUrl (#20898) (73b6d24)
• preserve original sourcemap file field when combining sourcemaps (#20926) (c714776)

Documentation

• correct WebSocket spelling (#20890) (29e98dc)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20923) (a5e3b06)

7.1.9 (2025-10-03)

Reverts

• server: drain stdin when not interactive (#20885) (12d72b0)

7.1.8 (2025-10-02)

Bug Fixes

• css: improve url escape characters handling (#20847) (24a61a3)
• deps: update all non-major dependencies (#20855) (788a183)
• deps: update artichokie to 0.4.2 (#20864) (e670799)

... (truncated)

Commits

• 8b69c9e release: v7.1.11
• f479cc5 fix(dev): trim trailing slash before server.fs.deny check (#20968)
• 6fb41a2 chore(deps): update all non-major dependencies (#20966)
• a817307 build: remove hash from built filenames (#20946)
• ef411ce build: remove cjs reference in files field (#20945)
• d0094af refactor: use subpath imports for types module reference (#20921)
• ed4a0dc release: v7.1.10
• c714776 fix: preserve original sourcemap file field when combining sourcemaps (#20926)
• 446eb38 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20906)
• 879de86 fix(deps): update all non-major dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
tools	Ready	Preview	Comment	Oct 20, 2025 11:58pm

💡 Enable Vercel Agent with $100 free credit for automated AI reviews

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/vite	7.1.11	🟢 7.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 7 binaries present in source code License 🟢 10 license file detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/vite	^7.1.11	🟢 7.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 18/23 approved changesets -- score normalized to 7 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 7 binaries present in source code License 🟢 10 license file detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• package-lock.json
• package.json

[cloudflare-workers-and-pages]

Deploying tools with    Cloudflare Pages

Latest commit:	d477236
Status:	✅  Deploy successful!
Preview URL:	https://0b69abe9.tools-eom.pages.dev
Branch Preview URL:	https://dependabot-npm-and-yarn-npm-wkdp.tools-eom.pages.dev

View logs

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated build tooling dependencies to improve development experience and build reliability.

Walkthrough

Updated the vite development dependency from version ^7.1.6 to ^7.1.11 in package.json. This is a patch-level version bump within the same major and minor version range.

Changes

Cohort / File(s)	Summary
Dependency Update package.json	Bumped vite devDependency from ^7.1.6 to ^7.1.11

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A tiny hop through versions bright,
Vite speeds along to newer heights,
From 7.1.6 to 7.1.11 we climb,
Patch by patch, we're doing fine! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "Bump vite from 7.1.6 to 7.1.11 in the npm_and_yarn group across 1 directory" is directly related to and accurately summarizes the main change in the pull request. The raw summary confirms that the only modification is updating the devDependency "vite" from version ^7.1.6 to ^7.1.11 in package.json. The title is concise, specific, and clearly communicates the primary objective without using vague terminology or noise.
Description Check	✅ Passed	The PR description is clearly related to the changeset and provides comprehensive information about the vite version update from 7.1.6 to 7.1.11. It includes relevant release notes, changelog entries, and commit information for the updated versions, along with Dependabot-specific metadata and commands. The description is not vague or generic; it contains specific details about the dependency update and the changes included in each released version.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/npm_and_yarn/npm_and_yarn-fd296dbd23

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f62a31 and d477236.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json (1 hunks)

🔇 Additional comments (1)

package.json (1)

33-33: I need to search for information about Vite 7.1.11 to verify if there are any known issues with this version.

Approve vite version bump to 7.1.11.

Vite 7 is a smooth update from Vite 6, and patch releases are released as needed, typically every week with bug fixes and no breaking changes expected. The update from ^7.1.6 to ^7.1.11 maintains semantic versioning principles—the caret allows the same flexibility for future patch and minor updates, consistent with other devDependencies.

Verify locally that the application builds and runs correctly:

npm install
npm run build
npm test  # if applicable

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[deepsource-io]

Here's the code health analysis summary for commits 9f62a31..d477236. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
Scala	✅ Success		View Check ↗
Swift	✅ Success		View Check ↗
JavaScript	✅ Success		View Check ↗
Ruby	✅ Success		View Check ↗
C & C++	✅ Success		View Check ↗
C#	✅ Success		View Check ↗
Rust	✅ Success		View Check ↗
Shell	✅ Success		View Check ↗
Terraform	✅ Success		View Check ↗
Test coverage	⚠️ Artifact not reported	Timed out: Artifact was never reported	View Check ↗
SQL	✅ Success		View Check ↗
Secrets	✅ Success		View Check ↗
Ansible	✅ Success		View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[LCSOGthb]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.