chore(deps): update dependency vite to v7 [security] (v11) by renovate[bot] · Pull Request #2514 · intlify/vue-i18n

renovate · 2026-05-22T01:53:37Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
vite (source)	`^6.0.0` → `^7.0.0`
vite (source)	`^6.0.0` → `^7.3.2`

Vite: `server.fs.deny` bypassed with queries

CVE-2026-39364 / GHSA-v2wj-q39q-566r

More information

Details

Summary

The contents of files that are specified by server.fs.deny can be returned to the browser.

Impact

Only apps that match the following conditions are affected:

explicitly exposes the Vite dev server to the network (using --host or server.host config option)
the sensitive file exists in the allowed directories specified by server.fs.allow
the sensitive file is denied with a pattern that matches a file by server.fs.deny

Details

On the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended.

PoC

Start the dev server: pnpm exec vite root --host 127.0.0.1 --port 5175 --strictPort
Confirm that server.fs.deny is enforced (expect 403): curl -i http://127.0.0.1:5175/src/.env | head -n 20
Confirm that the same files can be retrieved with query parameters (expect 200):

Severity

CVSS Score: 8.2 / 10 (High)
Vector String: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

vitejs/vite (vite)

`v7.3.2`

Compare Source

Please refer to CHANGELOG.md for details.

`v7.3.1`

Compare Source

Please refer to CHANGELOG.md for details.

`v7.3.0`

Compare Source

Please refer to CHANGELOG.md for details.

`v7.2.7`

Compare Source

`v7.2.6`

Compare Source

7.2.6 (2025-12-01)

`v7.2.4`

Compare Source

Bug Fixes

revert "perf(deps): replace debug with obug (#21107)" (2d66b7b)

`v7.2.3`

Compare Source

Bug Fixes

allow multiple bindCLIShortcuts calls with shortcut merging (#21103) (5909efd)
deps: update all non-major dependencies (#21096) (6a34ac3)
deps: update all non-major dependencies (#21128) (4f8171e)

Performance Improvements

deps: replace debug with obug (#21107) (acfe939)

Miscellaneous Chores

deps: update dependency @rollup/plugin-commonjs to v29 (#21099) (02ceaec)
deps: update rolldown-related dependencies (#21095) (39a0a15)
deps: update rolldown-related dependencies (#21127) (5029720)

`v7.2.2`

Compare Source

Bug Fixes

revert "refactor: use fs.cpSync (#21019)" (#21081) (728c8ee)

`v7.2.1`

Compare Source

Bug Fixes

worker: some worker asset was missing (#21074) (82d2d6c)

Code Refactoring

build: rename indexOfMatchInSlice to findPreloadMarker (#21054) (f83264f)

`v7.2.0`

Compare Source

Bug Fixes

css: fallback to sass when sass-embedded platform binary is missing (#21002) (b1fd616)
module-runner: make getBuiltins response JSON serializable (#21029) (ad5b3bf)
types: add undefined to optional properties for exactOptionalProperties type compatibility (#21040) (2833c55)

Miscellaneous Chores

deps: update rolldown-related dependencies (#21047) (e3a6a83)

`v7.1.12`

Compare Source

Please refer to CHANGELOG.md for details.

`v7.1.11`

Compare Source

Bug Fixes

dev: trim trailing slash before server.fs.deny check (#20968) (f479cc5)

Miscellaneous Chores

deps: update all non-major dependencies (#20966) (6fb41a2)

Code Refactoring

use subpath imports for types module reference (#20921) (d0094af)

Build System

remove cjs reference in files field (#20945) (ef411ce)
remove hash from built filenames (#20946) (a817307)

`v7.1.10`

Compare Source

Bug Fixes

css: avoid duplicate style for server rendered stylesheet link and client inline style during dev (#20767) (3a92bc7)
css: respect emitAssets when cssCodeSplit=false (#20883) (d3e7eee)
deps: update all non-major dependencies (879de86)
deps: update all non-major dependencies (#20894) (3213f90)
dev: allow aliases starting with // (#20760) (b95fa2a)
dev: remove timestamp query consistently (#20887) (6537d15)
esbuild: inject esbuild helpers correctly for esbuild 0.25.9+ (#20906) (446eb38)
normalize path before calling fileToBuiltUrl (#20898) (73b6d24)
preserve original sourcemap file field when combining sourcemaps (#20926) (c714776)

Documentation

correct WebSocket spelling (#20890) (29e98dc)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20923) (a5e3b06)

`v7.1.9`

Compare Source

Reverts

server: drain stdin when not interactive (#20885) (12d72b0)

`v7.1.8`

Compare Source

Bug Fixes

css: improve url escape characters handling (#20847) (24a61a3)
deps: update all non-major dependencies (#20855) (788a183)
deps: update artichokie to 0.4.2 (#20864) (e670799)
dev: skip JS responses for document requests (#20866) (6bc6c4d)
glob: fix HMR for array patterns with exclusions (#20872) (63e040f)
keep ids for virtual modules as-is (#20808) (d4eca98)
server: drain stdin when not interactive (#20837) (bb950e9)
server: improve malformed URL handling in middlewares (#20830) (d65a983)

Documentation

create-vite: provide deno example (#20747) (fdb758a)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20810) (ea68a88)
deps: update rolldown-related dependencies (#20854) (4dd06fd)
update url of create-react-app license (#20865) (166a178)

`v7.1.7`

Compare Source

Bug Fixes

build: fix ssr environment emitAssets: true when sharedConfigBuild: true (#20787) (4c4583c)
client: use CSP nonce when rendering error overlay (#20791) (9bc9d12)
deps: update all non-major dependencies (#20811) (9f2247c)
glob: handle glob imports from folders starting with dot (#20800) (105abe8)
hmr: trigger prune event when import is removed from non hmr module (#20768) (9f32b1d)
hmr: wait for import.meta.hot.prune callbacks to complete before running other HMRs (#20698) (98a3484)

`v7.1.6`

Compare Source

Bug Fixes

deps: update all non-major dependencies (#20773) (88af2ae)
esbuild: inject esbuild helper functions with minified $ variables correctly (#20761) (7e8e004)
fallback terser to main thread when nameCache is provided (#20750) (a679a64)
types: strict env typings fail when skipLibCheck is false (#20755) (cc54e29)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20675) (a67bb5f)
deps: update rolldown-related dependencies (#20772) (d785e72)

`v7.1.5`

Compare Source

Bug Fixes

apply fs.strict check to HTML files (#20736) (14015d7)
deps: update all non-major dependencies (#20732) (122bfba)
upgrade sirv to 3.0.2 (#20735) (09f2b52)

`v7.1.4`

Compare Source

Bug Fixes

add missing awaits (#20697) (79d10ed)
deps: update all non-major dependencies (#20676) (5a274b2)
deps: update all non-major dependencies (#20709) (0401feb)
pass rollup watch options when building in watch mode (#20674) (f367453)

Miscellaneous Chores

remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

`v7.1.3`

Compare Source

Features

cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
generate code frame for parse errors thrown by terser (#20642) (a9ba017)
support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

deps: update all non-major dependencies (#20634) (4851cab)
optimizer: incorrect incompatible error (#20439) (446fe83)
support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

cli: dynamically import resolveConfig (#20646) (f691f57)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20633) (98b92e8)

Code Refactoring

replace startsWith with strict equality (#20603) (42816de)
use import in worker threads (#20641) (530687a)

Tests

remove checkNodeVersion test (#20647) (731d3e6)

`v7.1.2`

Compare Source

Bug Fixes

client: add [vite] prefixes to debug logs (#20595) (7cdef61)
config: make debugger work with bundle loader (#20573) (c583927)
deps: update all non-major dependencies (#20587) (20d4817)
don't consider ids with npm: prefix as a built-in module (#20558) (ab33803)
hmr: watch non-inlined assets referenced by CSS (#20581) (b7d494b)
module-runner: prevent crash when sourceMappingURL pattern appears in string literals (#20554) (2770478)

Miscellaneous Chores

deps: migrate to @jridgewell/remapping from @ampproject/remapping (#20577) (0a6048a)
deps: update rolldown-related dependencies (#20586) (77632c5)

`v7.1.1`

Compare Source

Bug Fixes

dev: trim trailing slash before server.fs.deny check (#20968) (f479cc5)

Miscellaneous Chores

deps: update all non-major dependencies (#20966) (6fb41a2)

Code Refactoring

use subpath imports for types module reference (#20921) (d0094af)

Build System

remove cjs reference in files field (#20945) (ef411ce)
remove hash from built filenames (#20946) (a817307)

`v7.1.0`

Compare Source

Features

support files with more than 1000 lines by generateCodeFrame (#20508) (e7d0b2a)
add import.meta.main support in config (bundle config loader) (#20516) (5d3e3c2)
optimizer: improve dependency optimization error messages with esbuild formatMessages (#20525) (d17cfed)
ssr: add import.meta.main support for Node.js module runner (#20517) (794a8f2)
add future: 'warn' (#20473) (e6aaf17)
add removeServerPluginContainer future deprecation (#20437) (c1279e7)
add removeServerReloadModule future deprecation (#20436) (6970d17)
add server.warmupRequest to future deprecation (#20431) (8ad388a)
add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#20435) (8c8f587)
client: ping from SharedWorker (#19057) (5c97c22)
dev: add this.fs support (#20301) (0fe3f2f)
export defaultExternalConditions (#20279) (344d302)
implement removePluginHookSsrArgument future deprecation (#20433) (95927d9)
implement removeServerHot future deprecation (#20434) (259f45d)
resolve server URLs before calling other listeners (#19981) (45f6443)
ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#20409) (c669c52)
ssr: support import.meta.resolve in module runner (#20260) (62835f7)

Bug Fixes

css: avoid warnings for image-set containing __VITE_ASSET__ (#20520) (f1a2635)
css: empty CSS entry points should generate CSS files, not JS files (#20518) (bac9f3e)
dev: denied request stalled when requested concurrently (#20503) (64a52e7)
manifest: initialize entryCssAssetFileNames as an empty Set (#20542) (6a46cda)
skip prepareOutDirPlugin in workers (#20556) (97d5111)
asset: only watch existing files for new URL(, import.meta.url) (#20507) (1b211fd)
client: keep ping on WS constructor error (#20512) (3676da5)
deps: update all non-major dependencies (#20537) (fc9a9d3)
don't resolve as relative for specifiers starting with a dot (#20528) (c5a10ec)
html: allow control character in input stream (#20483) (c12a4a7)
merge old and new noExternal: true correctly (#20502) (9ebe4a5)
deps: update all non-major dependencies (#20489) (f6aa04a)
dev: denied requests overly (#20410) (4be5270)
hmr: register css deps as type: asset (#20391) (7eac8dd)
optimizer: discover correct jsx runtime during scan (#20495) (10d48bb)
preview: set correct host for resolvedUrls (#20496) (62b3e0d)
worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#20460) (8033e5b)

Performance Improvements

client: reduce reload debounce (#20429) (22ad43b)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20536) (8be2787)
deps: update dependency parse5 to v8 (#20490) (744582d)
format (f20addc)
stablize cssScopeTo (#19592) (ced1343)

Code Refactoring

use hook filters in the worker plugin (#20527) (958cdf2)
extract prepareOutDir as a plugin (#20373) (2c4af1f)
extract resolve rollup options (#20375) (61a9778)
rewrite openchrome.applescript to JXA (#20424) (7979f9d)
use http-proxy-3 (#20402) (26d9872)
use hook filters in internal plugins (#20358) (f19c4d7)
use hook filters in internal resolve plugin (#20480) (acd2a13)

Tests

detect ts support via process.features (#20544) (856d3f0)
fix unimportant errors in test-unit (#20545) (1f23554)

Beta Changelogs

Please refer to CHANGELOG.md for details.

`v7.0.7`

Compare Source

Please refer to CHANGELOG.md for details.

`v7.0.6`

Compare Source

Features

support files with more than 1000 lines by generateCodeFrame (#20508) (e7d0b2a)
add import.meta.main support in config (bundle config loader) (#20516) (5d3e3c2)
optimizer: improve dependency optimization error messages with esbuild formatMessages (#20525) (d17cfed)
ssr: add import.meta.main support for Node.js module runner (#20517) (794a8f2)
add future: 'warn' (#20473) (e6aaf17)
add removeServerPluginContainer future deprecation (#20437) (c1279e7)
add removeServerReloadModule future deprecation (#20436) (6970d17)
add server.warmupRequest to future deprecation (#20431) (8ad388a)
add ssrFixStacktrace / ssrRewriteStacktrace to removeSsrLoadModule future deprecation (#20435) (8c8f587)
client: ping from SharedWorker (#19057) (5c97c22)
dev: add this.fs support (#20301) (0fe3f2f)
export defaultExternalConditions (#20279) (344d302)
implement removePluginHookSsrArgument future deprecation (#20433) (95927d9)
implement removeServerHot future deprecation (#20434) (259f45d)
resolve server URLs before calling other listeners (#19981) (45f6443)
ssr: resolve externalized packages with resolve.externalConditions and add module-sync to default external condition (#20409) (c669c52)
ssr: support import.meta.resolve in module runner (#20260) (62835f7)

Bug Fixes

css: avoid warnings for image-set containing __VITE_ASSET__ (#20520) (f1a2635)
css: empty CSS entry points should generate CSS files, not JS files (#20518) (bac9f3e)
dev: denied request stalled when requested concurrently (#20503) (64a52e7)
manifest: initialize entryCssAssetFileNames as an empty Set (#20542) (6a46cda)
skip prepareOutDirPlugin in workers (#20556) (97d5111)
asset: only watch existing files for new URL(, import.meta.url) (#20507) (1b211fd)
client: keep ping on WS constructor error (#20512) (3676da5)
deps: update all non-major dependencies (#20537) (fc9a9d3)
don't resolve as relative for specifiers starting with a dot (#20528) (c5a10ec)
html: allow control character in input stream (#20483) (c12a4a7)
merge old and new noExternal: true correctly (#20502) (9ebe4a5)
deps: update all non-major dependencies (#20489) (f6aa04a)
dev: denied requests overly (#20410) (4be5270)
hmr: register css deps as type: asset (#20391) (7eac8dd)
optimizer: discover correct jsx runtime during scan (#20495) (10d48bb)
preview: set correct host for resolvedUrls (#20496) (62b3e0d)
worker: resolve WebKit compat with inline workers by deferring blob URL revocation (#20460) (8033e5b)

Performance Improvements

client: reduce reload debounce (#20429) (22ad43b)

Miscellaneous Chores

deps: update rolldown-related dependencies (#20536) (8be2787)
deps: update dependency parse5 to v8 (#20490) (744582d)
format (f20addc)
stablize cssScopeTo (#19592) (ced1343)

Code Refactoring

use hook filters in the worker plugin (#20527) (958cdf2)
extract prepareOutDir as a plugin (#20373) (2c4af1f)
extract resolve rollup options (#20375) (61a9778)
rewrite openchrome.applescript to JXA (#20424) (7979f9d)
use http-proxy-3 (#20402) (26d9872)
use hook filters in internal plugins (#20358) (f19c4d7)
use hook filters in internal resolve plugin (#20480) (acd2a13)

Tests

detect ts support via process.features (#20544) (856d3f0)
fix unimportant errors in test-unit (#20545) (1f23554)

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

See 7.1.0-beta.1 changelog

7.1.0-beta.0 (2025-07-30)

See 7.1.0-beta.0 changelog

`v7.0.5`

Compare Source

Bug Fixes

deps: update all non-major dependencies (#20406) (1a1cc8a)
remove special handling for Accept: text/html (#20376) (c9614b9)
watch assets referenced by new URL(, import.meta.url) (#20382) (6bc8bf6)

Miscellaneous Chores

deps: update dependency rolldown to ^1.0.0-beta.27 (#20405) (1165667)

Code Refactoring

use foo.endsWith("bar") instead of /bar$/.test(foo) (#20413) (862e192)

`v7.0.4`

Compare Source

Bug Fixes

allow resolving bare specifiers to relative paths for entries (#20379) (324669c)

Build System

remove @oxc-project/runtime devDep (#20389) (5e29602)

`v7.0.3`

Compare Source

Bug Fixes

client: protect against window being defined but addEv undefined (#20359) (31d1467)
define: replace optional values (#20338) (9465ae1)
deps: update all non-major dependencies (#20366) (43ac73d)

Miscellaneous Chores

deps: update dependency dotenv to v17 (#20325) (45040d4)
deps: update dependency rolldown to ^1.0.0-beta.24 (#20365) (5ab25e7)
use n/prefer-node-protocol rule ([#20368](https:

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cloudflare-workers-and-pages · 2026-05-22T01:56:20Z

Deploying vue-i18n-next with Cloudflare Pages

Latest commit:	`c582fd2`
Status:	✅ Deploy successful!
Preview URL:	https://6627243a.vue-i18n-next.pages.dev
Branch Preview URL:	https://renovate-v11-npm-vite-vulner.vue-i18n-next.pages.dev

View logs

pkg-pr-new · 2026-05-22T01:57:20Z

Open in StackBlitz

@intlify/core

npm i https://pkg.pr.new/@intlify/core@2514

@intlify/core-base

npm i https://pkg.pr.new/@intlify/core-base@2514

@intlify/devtools-types

npm i https://pkg.pr.new/@intlify/devtools-types@2514

@intlify/message-compiler

npm i https://pkg.pr.new/@intlify/message-compiler@2514

petite-vue-i18n

npm i https://pkg.pr.new/petite-vue-i18n@2514

@intlify/shared

npm i https://pkg.pr.new/@intlify/shared@2514

vue-i18n

npm i https://pkg.pr.new/vue-i18n@2514

@intlify/vue-i18n-core

npm i https://pkg.pr.new/@intlify/vue-i18n-core@2514

commit: c582fd2

renovate Bot added the Type: Dependency Dependencies fixes label May 22, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from bac6222 to 14578ab Compare May 22, 2026 16:31

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) May 22, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from 14578ab to 8114163 Compare May 22, 2026 21:51

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) May 22, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from 8114163 to c528094 Compare May 28, 2026 19:59

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) May 28, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from c528094 to e325d72 Compare May 28, 2026 22:36

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) May 28, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from e325d72 to c697561 Compare June 1, 2026 19:38

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) Jun 1, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from c697561 to f5dad2e Compare June 2, 2026 00:57

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) Jun 2, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from f5dad2e to b0cbb54 Compare June 5, 2026 17:30

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) Jun 5, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from b0cbb54 to e465ffb Compare June 5, 2026 18:48

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) Jun 5, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from e465ffb to 8b71ca2 Compare June 11, 2026 14:17

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) Jun 11, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from 8b71ca2 to d92fd10 Compare June 12, 2026 00:47

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) Jun 12, 2026

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from d92fd10 to f71289e Compare June 18, 2026 02:11

renovate Bot changed the title ~~chore(deps): update dependency vite to v7 [security] (v11)~~ chore(deps): update dependency vite [security] (v11) Jun 18, 2026

chore(deps): update dependency vite to v7 [security]

c582fd2

renovate Bot force-pushed the renovate/v11-npm-vite-vulnerability branch from f71289e to c582fd2 Compare June 19, 2026 05:37

renovate Bot changed the title ~~chore(deps): update dependency vite [security] (v11)~~ chore(deps): update dependency vite to v7 [security] (v11) Jun 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency vite to v7 [security] (v11)#2514

chore(deps): update dependency vite to v7 [security] (v11)#2514
renovate[bot] wants to merge 1 commit into
v11from
renovate/v11-npm-vite-vulnerability

renovate Bot commented May 22, 2026 •

edited

Loading

Uh oh!

cloudflare-workers-and-pages Bot commented May 22, 2026 •

edited

Loading

Uh oh!

pkg-pr-new Bot commented May 22, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Uh oh!

Conversation

renovate Bot commented May 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Vite: server.fs.deny bypassed with queries

Details

Summary

Impact

Details

PoC

Severity

References

Release Notes

7.2.6 (2025-12-01)

Bug Fixes

Bug Fixes

Performance Improvements

Miscellaneous Chores

Bug Fixes

Bug Fixes

Code Refactoring

Bug Fixes

Miscellaneous Chores

Bug Fixes

Miscellaneous Chores

Code Refactoring

Build System

Bug Fixes

Documentation

Miscellaneous Chores

Reverts

Bug Fixes

Documentation

Miscellaneous Chores

Bug Fixes

Bug Fixes

Miscellaneous Chores

Bug Fixes

Bug Fixes

Miscellaneous Chores

Code Refactoring

Features

Bug Fixes

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

Bug Fixes

Miscellaneous Chores

Bug Fixes

Miscellaneous Chores

Code Refactoring

Build System

Features

Bug Fixes

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

7.1.0-beta.0 (2025-07-30)

Features

Bug Fixes

Performance Improvements

Miscellaneous Chores

Code Refactoring

Tests

Beta Changelogs

7.1.0-beta.1 (2025-08-05)

7.1.0-beta.0 (2025-07-30)

Bug Fixes

Miscellaneous Chores

Code Refactoring

Bug Fixes

Build System

Bug Fixes

Miscellaneous Chores

Configuration

renovate Bot commented May 22, 2026 •

edited

Loading

Vite: `server.fs.deny` bypassed with queries

cloudflare-workers-and-pages Bot commented May 22, 2026 •

edited

Loading

pkg-pr-new Bot commented May 22, 2026 •

edited

Loading