Latest Results
chore(deps): update dependency vite-plus to v0.1.22 (#1138)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Adoption](https://docs.renovatebot.com/merge-confidence/) |
[Passing](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
| [vite-plus](https://viteplus.dev/guide)
([source](https://redirect.github.com/voidzero-dev/vite-plus/tree/HEAD/packages/cli))
| [`0.1.21` →
`0.1.22`](https://renovatebot.com/diffs/npm/vite-plus/0.1.21/0.1.22) |
|
|
|
|
---
### Release Notes
<details>
<summary>voidzero-dev/vite-plus (vite-plus)</summary>
###
[`v0.1.22`](https://redirect.github.com/voidzero-dev/vite-plus/releases/tag/v0.1.22):
vite-plus v0.1.22
[Compare
Source](https://redirect.github.com/voidzero-dev/vite-plus/compare/v0.1.21...v0.1.22)
A critical Vitest browser-mode security fix, parallel `vp add -g`
installs, a built-in oxlint rule to prefer `vite-plus` imports, and a
new `--git` switch for `vp create`.
##### Highlights
- **Security**: bundled `vitest` bumped to `4.1.6` to address
[GHSA-2h32-95rg-cppp](https://redirect.github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp)
(Critical, CVSS 9.6), an XSS to RCE chain via the `otelCarrier` query
parameter in Vitest browser mode
([#​1633](https://redirect.github.com/voidzero-dev/vite-plus/pull/1633))
- **Parallel global install**: `vp add/install/update -g` now installs
packages concurrently with a progress bar and a `--concurrency` flag
(default 5)
([#​1597](https://redirect.github.com/voidzero-dev/vite-plus/pull/1597))
- **Prefer vite-plus imports**: new bundled oxlint rule rewrites
`vite`/`vitest` imports to `vite-plus`, enabled by default in generated
and migrated `lint` configs
([#​1408](https://redirect.github.com/voidzero-dev/vite-plus/pull/1408))
- **Git init on scaffold**: `vp create` learns `--git`/`--no-git`
(interactive prompt; auto-commits "Initial commit from Vite+")
([#​1484](https://redirect.github.com/voidzero-dev/vite-plus/pull/1484))
##### Features
- Spawn npm for global installation in parallel with a progress bar and
a `--concurrency` option
([#​1597](https://redirect.github.com/voidzero-dev/vite-plus/pull/1597)),
by [@​liangmiQwQ](https://redirect.github.com/liangmiQwQ)
- Add bundled oxlint rule to prefer `vite-plus` imports over
`vite`/`vitest`
([#​1408](https://redirect.github.com/voidzero-dev/vite-plus/pull/1408)),
by [@​Han5991](https://redirect.github.com/Han5991)
- `vp create`: initialize a git repository and create an initial commit
on scaffold
([#​1484](https://redirect.github.com/voidzero-dev/vite-plus/pull/1484)),
by [@​ryohidaka](https://redirect.github.com/ryohidaka)
- `vp create`: rename underscore-prefixed files (`_gitignore`, `_npmrc`,
`_yarnrc.yml`) to dotfiles for `@org/create` bundled templates
([#​1574](https://redirect.github.com/voidzero-dev/vite-plus/pull/1574)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- Add `VP_PR_VERSION` env var to install unreleased PR builds via
pkg.pr.new
([#​1578](https://redirect.github.com/voidzero-dev/vite-plus/pull/1578)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
##### Fixes & Enhancements
- Skip merging standalone `.oxfmtrc`/`.oxlintrc` config when the
`fmt:`/`lint:` key is already declared in `vite.config.ts` (fixes
duplicate-block regression in `vp create fate`)
([#​1601](https://redirect.github.com/voidzero-dev/vite-plus/pull/1601)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Suppress the `VITE+ - The Unified Toolchain for the Web` banner for
`vp lint --lsp`, `vp fmt --lsp`, and `vp fmt --stdin-filepath` so stdout
stays a pure LSP / formatter stream
([#​1619](https://redirect.github.com/voidzero-dev/vite-plus/pull/1619)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- `vp create`: detect output directory when running in the current
directory
([#​1606](https://redirect.github.com/voidzero-dev/vite-plus/pull/1606)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- `vp update -g`: skip installs when the recorded global package version
already matches the npm-resolved version, and tolerate string/array
outputs from `npm view ... version --json`
([#​1596](https://redirect.github.com/voidzero-dev/vite-plus/pull/1596)),
by [@​leno23](https://redirect.github.com/leno23)
- `vp create`: preserve single-segment project path in
`updateWorkspaceConfig`
([#​1582](https://redirect.github.com/voidzero-dev/vite-plus/pull/1582)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- `vp env use`: keep the change session-scoped on Windows
([#​1577](https://redirect.github.com/voidzero-dev/vite-plus/pull/1577)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- `vp rebuild`: accept positional package names
([#​1564](https://redirect.github.com/voidzero-dev/vite-plus/pull/1564)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Adopt the new vite-task error formatter; errors now print as `error:
<top-level>` plus `* <source>` chain lines, with bold-red highlight on a
TTY
([vite-task#390](https://redirect.github.com/voidzero-dev/vite-task/pull/390)),
by [@​branchseer](https://redirect.github.com/branchseer)
- vite-task: forward `LOCALAPPDATA` so Node's compile cache stays
outside the workspace on Windows
([vite-task#389](https://redirect.github.com/voidzero-dev/vite-task/pull/389)),
by [@​branchseer](https://redirect.github.com/branchseer)
- Bump vite-task to `c945cc0`
([#​1628](https://redirect.github.com/voidzero-dev/vite-plus/pull/1628)),
by [@​branchseer](https://redirect.github.com/branchseer)
##### Refactor
- Revert `vp pm plugin` command (per discussion in
[#​1038](https://redirect.github.com/voidzero-dev/vite-plus/issues/1038))
([#​1623](https://redirect.github.com/voidzero-dev/vite-plus/pull/1623)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
##### Docs
- Add `vitepress-plugin-llms` to the docs site so the published docs
include LLM-friendly outputs (`/llms.txt`)
([#​1625](https://redirect.github.com/voidzero-dev/vite-plus/pull/1625)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- Refresh home stats for oxlint, vite, and vitest
([#​1512](https://redirect.github.com/voidzero-dev/vite-plus/pull/1512)),
by [@​nozomee](https://redirect.github.com/nozomee)
- Mention `vp env doctor` in agent instructions
([#​1603](https://redirect.github.com/voidzero-dev/vite-plus/pull/1603)),
by [@​leno23](https://redirect.github.com/leno23)
##### Chore
- Consolidate the upstream build chain into a single `pnpm build` script
(justfile recipe now just calls `pnpm build`)
([#​1626](https://redirect.github.com/voidzero-dev/vite-plus/pull/1626)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Fix bootstrap-cli on Windows
([#​1583](https://redirect.github.com/voidzero-dev/vite-plus/pull/1583)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Refresh trusted stack stats
([#​1573](https://redirect.github.com/voidzero-dev/vite-plus/pull/1573),
[#​1616](https://redirect.github.com/voidzero-dev/vite-plus/pull/1616)),
by
[@​voidzero-guard](https://redirect.github.com/voidzero-guard)\[bot]
- Update GitHub Actions
([#​1611](https://redirect.github.com/voidzero-dev/vite-plus/pull/1611),
[#​1612](https://redirect.github.com/voidzero-dev/vite-plus/pull/1612)),
by [@​renovate](https://redirect.github.com/renovate)\[bot]
- Address zizmor findings in composite actions and the release workflow;
drop unused `actions-cool/issues-helper`
([#​1630](https://redirect.github.com/voidzero-dev/vite-plus/pull/1630)),
by [@​Boshen](https://redirect.github.com/Boshen)
- Switch plain checkouts to `taiki-e/checkout-action`
([#​1620](https://redirect.github.com/voidzero-dev/vite-plus/pull/1620)),
by [@​Boshen](https://redirect.github.com/Boshen)
- Switch release to a version-bump PR + push trigger flow
([#​1575](https://redirect.github.com/voidzero-dev/vite-plus/pull/1575)),
by [@​Boshen](https://redirect.github.com/Boshen)
- Gate release publish on environment approval with a Discord notice
([#​1571](https://redirect.github.com/voidzero-dev/vite-plus/pull/1571)),
by [@​Boshen](https://redirect.github.com/Boshen)
- Enable `cargo clippy` with `-D warnings`
([#​1579](https://redirect.github.com/voidzero-dev/vite-plus/pull/1579)),
by [@​Boshen](https://redirect.github.com/Boshen)
- Drop unused `setup-node` from the version-check job
([#​1600](https://redirect.github.com/voidzero-dev/vite-plus/pull/1600)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Add Void deploy workflows for the docs site
([#​1590](https://redirect.github.com/voidzero-dev/vite-plus/pull/1590)),
by [@​fengmk2](https://redirect.github.com/fengmk2)
- Add `--help` case to config snap tests for npm10/yarn1/yarn4
([#​1585](https://redirect.github.com/voidzero-dev/vite-plus/pull/1585)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- Add `--help` case to publish snap tests for npm10/yarn1/yarn4
([#​1584](https://redirect.github.com/voidzero-dev/vite-plus/pull/1584)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- Verify `.gitignore` and `.yarnrc.yml` in the new-vite-monorepo snap
([#​1576](https://redirect.github.com/voidzero-dev/vite-plus/pull/1576)),
by [@​jong-kyung](https://redirect.github.com/jong-kyung)
- vite-task: bump pnpm to `11.1.2`
([vite-task#383](https://redirect.github.com/voidzero-dev/vite-task/pull/383)),
by [@​branchseer](https://redirect.github.com/branchseer)
- vite-task: update lint-staged to v17
([vite-task#385](https://redirect.github.com/voidzero-dev/vite-task/pull/385)),
by [@​renovate](https://redirect.github.com/renovate)\[bot]
##### Bundled Versions
| Tool | Version | Source |
| --------------- | -------- |
-------------------------------------------------------------------------------------------------
|
| vite | `8.0.11` |
[`66f3194`](https://redirect.github.com/vitejs/vite/commit/66f3194aa8e59924562575f0a98e7f4ae0acdd89)
|
| rolldown | `1.0.0` |
[`ac5c710`](https://redirect.github.com/rolldown/rolldown/commit/ac5c71025a639d394a0db9c3a921b7eda5d71a88)
|
| tsdown | `0.22.0` | [npm](https://npmx.dev/package/tsdown/v/0.22.0) |
| vitest | `4.1.6` | [npm](https://npmx.dev/package/vitest/v/4.1.6) |
| oxlint | `1.63.0` | [npm](https://npmx.dev/package/oxlint/v/1.63.0) |
| oxlint-tsgolint | `0.22.1` |
[npm](https://npmx.dev/package/oxlint-tsgolint/v/0.22.1) |
| oxfmt | `0.48.0` | [npm](https://npmx.dev/package/oxfmt/v/0.48.0) |
##### New Contributors
Welcome to all new contributors! :tada:
[@​nozomee](https://redirect.github.com/nozomee),
[@​ryohidaka](https://redirect.github.com/ryohidaka),
[@​leno23](https://redirect.github.com/leno23)
**Full Changelog**:
<https://github.com/voidzero-dev/vite-plus/compare/v0.1.21...v0.1.22>
##### Published Packages
- `@voidzero-dev/vite-plus-core@0.1.22`
- `@voidzero-dev/vite-plus-test@0.1.22`
- `vite-plus@0.1.22`
##### Installation
**macOS/Linux:**
```bash
curl -fsSL https://vite.plus | bash
```
**Windows:**
```powershell
irm https://vite.plus/ps1 | iex
```
Or download and run `vp-setup.exe` from the assets below.
</details>
---
### Configuration
📅 **Schedule**: (in timezone Asia/Shanghai)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/oxc-project/oxc-resolver).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODUuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4NS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Latest Branches
+4%
release-plz-2026-03-02T05-19-13Z +3%
+4%
perf/reduce-tsconfig-lookup © 2026 CodSpeed Technology