chore(deps): update dependency vite [security] #9708

coderabbitai · 2025-11-08T18:36:44Z

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🔴 Critical: Unmet peer dependency — [email protected] incompatible with vite 5

[email protected] declares a peer constraint of vite ^2 || ^3 || ^4. Upgrading vite to ^5.4.21 (line 18) while keeping [email protected] (line 19) causes npm install to fail with an ERESOLVE error, breaking the dev server and build for this example.

This example is on Vue 2.6, which is incompatible with the maintained @vitejs/plugin-vue2. Choose one fix:

Revert vite to ^4.x if this example should remain on Vue 2.6

Upgrade to Vue 2.7, migrate to @vitejs/plugin-vue2, and optionally upgrade vite to ^7.2.2 per the PR objective

Option 1: Keep Vue 2.6 — revert vite to compatible version

"devDependencies": { "typescript": "5.8.3", - "vite": "^5.4.21", + "vite": "^4.5.14", "vite-plugin-vue2": "2.0.3" }

Option 2: Migrate to Vue 2.7 and @vitejs/plugin-vue2 (aligns with PR objective of vite 7)

"dependencies": { "@tanstack/vue-query": "^5.90.2", "@vue/composition-api": "1.7.2", - "vue": "2.6.14", - "vue-template-compiler": "2.6.14" + "vue": "2.7.16", + "vue-template-compiler": "2.7.16" }, "devDependencies": { "typescript": "5.8.3", - "vite": "^5.4.21", - "vite-plugin-vue2": "2.0.3" + "vite": "^7.2.2", + "@vitejs/plugin-vue2": "^2.4.0" }

Then update vite.config.js to import and use @vitejs/plugin-vue2 instead of vite-plugin-vue2.

Please clarify whether this example should remain on Vue 2.6 or migrate to 2.7 to align with the PR security update goal.

[/web_search]

[/web_search]

[/run_scripts]

🏁 Script executed:

#!/bin/bash # Check vite.config.js in this example cat examples/vue/2.6-basic/vite.config.js 2>/dev/null || echo "File not found"

Length of output: 14

🏁 Script executed:

#!/bin/bash # Check full package.json structure to understand dependencies cat examples/vue/2.6-basic/package.json

Length of output: 459

🏁 Script executed:

#!/bin/bash # Search for any Vue version upgrade notes or strategic comments in this example find examples/vue/2.6-basic -type f \( -name "*.md" -o -name "*.txt" -o -name "README*" \) 2>/dev/null | head -5

Length of output: 32

🌐 Web query:

vite-plugin-vue2 2.0.3 peer dependencies vite

💡 Result:

[email protected] declares a peerDependency on vite >= 2.0.0. [1][2]

Sources:

Libraries.io package page for vite-plugin-vue2. [1]

Socket / npm package metadata listing (vite peer requirement). [2]

🌐 Web query:

@vitejs/plugin-vue2 vite 7 compatibility

💡 Result:

Short answer: Likely yes — @vitejs/plugin-vue2 works with Vue 2.7 and is listed as an official Vite plugin, and there’s no public documentation saying it’s incompatible with Vite 7. However the plugin targets Vue 2.7 and is no longer actively maintained, so you may hit peer-dependency or plugin-API breakages when upgrading to Vite 7; other official/community plugins have already needed updates for Vite 7. Test in a branch and pin versions (or use a patched fork) if you hit issues. [1][2][3][4]

Sources

@vitejs/plugin-vue2 (README / npm / GitHub): plugin for Vue 2.7 (official plugin, not actively maintained). [1][2]

Vite breaking-changes / plugins notes (Vite 7 introduced API/peer changes; other plugins needed updates — e.g. Tailwind plugin peer-dep issue). [3][4]

If you want I can:

check the plugin’s package.json for any strict vite peerDependency, or

run a quick compatibility checklist (common failure points) against Vite 7 for you.

[/web_search]

[/run_scripts]

🏁 Script executed:

#!/bin/bash # Read the README for strategic context cat examples/vue/2.6-basic/README.md

Length of output: 148

🏁 Script executed:

#!/bin/bash # Check npm registry directly for [email protected] exact peer constraint curl -s https://registry.npmjs.org/vite-plugin-vue2/2.0.3 | python3 -c "import sys, json; data=json.load(sys.stdin); print(json.dumps(data.get('peerDependencies', {}), indent=2))" 2>/dev/null || echo "Could not fetch from npm registry"

Length of output: 79

🌐 Web query:

@vitejs/plugin-vue2 2.4.0 peerDependencies vite version

💡 Result:

Do you want me to look up which Vite version is listed in the peerDependencies for @vitejs/[email protected]? (I can fetch the package.json and cite the source.)

[/run_scripts]

🏁 Script executed:

#!/bin/bash # Fetch @vitejs/plugin-vue2 latest version info from npm registry curl -s https://registry.npmjs.org/@vitejs/plugin-vue2 | python3 -c "import sys, json; data=json.load(sys.stdin); latest=data['dist-tags'].get('latest', ''); print(f'Latest version: {latest}'); pkg=data['versions'].get(latest, {}); print(json.dumps(pkg.get('peerDependencies', {}), indent=2))"

Length of output: 105

🏁 Script executed:

#!/bin/bash # Verify Vue 2.7.16 compatibility with @tanstack/vue-query curl -s https://registry.npmjs.org/@tanstack/vue-query/5.90.2 | python3 -c "import sys, json; data=json.load(sys.stdin); deps=data.get('peerDependencies', {}); print('Peer dependencies:'); print(json.dumps(deps, indent=2))"

Length of output: 86

🔴 Critical: Vite-plugin-vue2 incompatible with vite 5 — version error in Option 2, and vite.config.js must be created

[email protected] declares peer constraint "vite": "^2.0.0 || ^3.0.0 || ^4.0.0". Upgrading vite to ^5.4.21 (line 18) while keeping [email protected] (line 19) causes npm install to fail with an ERESOLVE error, breaking this example's dev server and build.

Two valid paths exist:

Option 1: Keep Vue 2.6 — revert vite to ^4.x

"devDependencies": { "typescript": "5.8.3", - "vite": "^5.4.21", + "vite": "^4.5.14", "vite-plugin-vue2": "2.0.3" }

Option 2: Migrate to Vue 2.7 and @vitejs/plugin-vue2

@vitejs/plugin-vue2 latest (2.3.4) supports "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0", and @tanstack/[email protected] supports "vue": "^2.6.0", making Vue 2.7.16 compatible.

Update package.json:

"dependencies": { "@tanstack/vue-query": "^5.90.2", "@vue/composition-api": "1.7.2", - "vue": "2.6.14", - "vue-template-compiler": "2.6.14" + "vue": "2.7.16", + "vue-template-compiler": "2.7.16" }, "devDependencies": { "typescript": "5.8.3", - "vite": "^5.4.21", - "vite-plugin-vue2": "2.0.3" + "vite": "^7.2.2", + "@vitejs/plugin-vue2": "^2.3.4" }

Create vite.config.js (file does not currently exist):

import { defineConfig } from 'vite' import createVuePlugin from '@vitejs/plugin-vue2' export default defineConfig({ plugins: [createVuePlugin()] })

Clarify whether this example should remain on Vue 2.6 (requiring Option 1) or migrate to 2.7 (Option 2).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency vite [security] #9708

Diff view

Diff view

There are no files selected for viewing

coderabbitai bot Nov 8, 2025

Uh oh!

Uh oh!

Uh oh!

-Original file line number
+Diff line change
@@ Expand Up / @@ -15,7 +15,7 @@ @@
       },
       "devDependencies": {
         "typescript": "5.8.3",
-        "vite": "^4.5.14",
+        "vite": "^5.4.21",
         "vite-plugin-vue2": "2.0.3"
       }
     }

Uh oh!

chore(deps): update dependency vite [security] #9708

Are you sure you want to change the base?

chore(deps): update dependency vite [security] #9708

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

coderabbitai bot Nov 8, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!