build(deps-dev): bump vite and astro

[dependabot]

Bumps vite and astro. These dependencies needed to be updated together.
Updates vite from 4.2.1 to 7.1.5

Release notes

Sourced from vite's releases.

v7.1.5

Please refer to CHANGELOG.md for details.

v7.1.4

Please refer to CHANGELOG.md for details.

v7.1.3

Please refer to CHANGELOG.md for details.

v7.1.2

Please refer to CHANGELOG.md for details.

v7.1.1

Please refer to CHANGELOG.md for details.

create-vite@7.1.1

Please refer to CHANGELOG.md for details.

plugin-legacy@7.1.0

Please refer to CHANGELOG.md for details.

create-vite@7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0

Please refer to CHANGELOG.md for details.

v7.1.0-beta.1

Please refer to CHANGELOG.md for details.

v7.1.0-beta.0

Please refer to CHANGELOG.md for details.

v7.0.7

Please refer to CHANGELOG.md for details.

v7.0.6

Please refer to CHANGELOG.md for details.

v7.0.5

Please refer to CHANGELOG.md for details.

v7.0.4

Please refer to CHANGELOG.md for details.

v7.0.3

Please refer to CHANGELOG.md for details.

create-vite@7.0.3

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

7.1.5 (2025-09-08)

Bug Fixes

• apply fs.strict check to HTML files (#20736) (14015d7)
• deps: update all non-major dependencies (#20732) (122bfba)
• upgrade sirv to 3.0.2 (#20735) (09f2b52)

7.1.4 (2025-09-01)

Bug Fixes

• add missing awaits (#20697) (79d10ed)
• deps: update all non-major dependencies (#20676) (5a274b2)
• deps: update all non-major dependencies (#20709) (0401feb)
• pass rollup watch options when building in watch mode (#20674) (f367453)

Miscellaneous Chores

• remove unused constants entry from rolldown.config.ts (#20710) (537fcf9)

Code Refactoring

• remove unnecessary minify parameter from finalizeCss (#20701) (8099582)

7.1.3 (2025-08-19)

Features

• cli: add Node.js version warning for unsupported versions (#20638) (a1be1bf)
• generate code frame for parse errors thrown by terser (#20642) (a9ba017)
• support long lines in generateCodeFrame (#20640) (1559577)

Bug Fixes

• deps: update all non-major dependencies (#20634) (4851cab)
• optimizer: incorrect incompatible error (#20439) (446fe83)
• support multiline new URL(..., import.meta.url) expressions (#20644) (9ccf142)

Performance Improvements

• cli: dynamically import resolveConfig (#20646) (f691f57)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#20633) (98b92e8)

Code Refactoring

• replace startsWith with strict equality (#20603) (42816de)
• use import in worker threads (#20641) (530687a)

Tests

... (truncated)

Commits

• 5647540 release: v7.1.5
• 09f2b52 fix: upgrade sirv to 3.0.2 (#20735)
• 14015d7 fix: apply fs.strict check to HTML files (#20736)
• 122bfba fix(deps): update all non-major dependencies (#20732)
• bcc3144 release: v7.1.4
• 0401feb fix(deps): update all non-major dependencies (#20709)
• 537fcf9 chore: remove unused constants entry from rolldown.config.ts (#20710)
• 79d10ed fix: add missing awaits (#20697)
• 8099582 refactor: remove unnecessary minify parameter from finalizeCss (#20701)
• f367453 fix: pass rollup watch options when building in watch mode (#20674)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vite since your current version.

Updates astro from 2.2.3 to 5.13.7

Release notes

Sourced from astro's releases.

astro@5.13.7

Patch Changes

• #14330 72e14ab Thanks @​ascorbic! - Removes pinned package that is no longer needed.

• #14335 17c7b03 Thanks @​florian-lefebvre! - Bumps sharp minimal version to 0.34.0

astro@5.13.6

Patch Changes

• #14294 e005855 Thanks @​martrapp! - Restores the ability to use Google Analytics History change trigger with the <ClientRouter />.

• #14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

• #14108 218e070 Thanks @​JusticeMatthew! - Updates dynamic route split regex to avoid infinite retries/exponential complexity

• #14327 c1033be Thanks @​ascorbic! - Pins simple-swizzle to avoid compromised version

astro@5.13.5

Patch Changes

• #14286 09c5db3 Thanks @​ematipico! - BREAKING CHANGES only to the experimental CSP feature

  The following runtime APIs of the Astro global have been renamed:

  • Astro.insertDirective to Astro.csp.insertDirective
  • Astro.insertStyleResource to Astro.csp.insertStyleResource
  • Astro.insertStyleHash to Astro.csp.insertStyleHash
  • Astro.insertScriptResource to Astro.csp.insertScriptResource
  • Astro.insertScriptHash to Astro.csp.insertScriptHash

  The following runtime APIs of the APIContext have been renamed:

  • ctx.insertDirective to ctx.csp.insertDirective
  • ctx.insertStyleResource to ctx.csp.insertStyleResource
  • ctx.insertStyleHash to ctx.csp.insertStyleHash
  • ctx.insertScriptResource to ctx.csp.insertScriptResource
  • ctx.insertScriptHash to ctx.csp.insertScriptHash

• #14283 3224637 Thanks @​ematipico! - Fixes an issue where CSP headers were incorrectly injected in the development server.

• #14275 3e2f20d Thanks @​florian-lefebvre! - Adds support for experimental CSP when using experimental fonts

  Experimental fonts now integrate well with experimental CSP by injecting hashes for the styles it generates, as well as font-src directives.

  No action is required to benefit from it.

• #14280 4b9fb73 Thanks @​ascorbic! - Fixes a bug that caused cookies to not be correctly set when using middleware sequences

• #14276 77281c4 Thanks @​ArmandPhilippot! - Adds a missing export for resolveSrc, a documented image services utility.

... (truncated)

Changelog

Sourced from astro's changelog.

2.10.14

Patch Changes

• #8206 52606a390 Thanks @​martrapp! - fix: View Transition: swap attributes of document's root element

2.10.13

Patch Changes

• #8152 582132328 Thanks @​andremralves! - Displays a new config error if outDir is placed within publicDir.

• #8166 fddd4dc71 Thanks @​martrapp! - ViewTransitions: Fixes in the client-side router

• #8182 cfc465dde Thanks @​martrapp! - View Transitions: self link (href="") does not trigger page reload

• #8171 95120efbe Thanks @​Princesseuh! - Fix missing type for imageConfig export from astro:assets

• #8187 273335cb0 Thanks @​bluwy! - Fix Astro components parent-child render order

• #8184 9142178b1 Thanks @​martrapp! - Fix: The scrolling behavior of ViewTransitions is now more similar to the expected browser behavior

• #8163 179796405 Thanks @​delucis! - Make typing of defineCollection more permissive to support advanced union and intersection types

2.10.12

Patch Changes

• #8144 04caa99c4 Thanks @​lilnasy! - Fixed an issue where data entries' id included backslashes instead of forward slashes on Windows.

2.10.11

Patch Changes

• #8136 97c8760d7 Thanks @​andremralves! - Fix 404 response leading to an infinite loop when there is no 404 page.

2.10.10

Patch Changes

• #8127 b12c8471f Thanks @​natemoo-re! - Do not throw Error when users pass an object with a "type" property

• #8092 7177f7579 Thanks @​natemoo-re! - Ensure dotfiles are cleaned during static builds

• #8122 fa6b68a77 Thanks @​natemoo-re! - Improve fidelity of time stats when running astro build

• #8070 097a8e4e9 Thanks @​lilnasy! - Fix a handful of edge cases with prerendered 404/500 pages

• #8123 1f6497c33 Thanks @​natemoo-re! - Open to configured base when astro dev --open runs

... (truncated)

Commits

• 468c845 [ci] release (#14336)
• 72e14ab fix: remove the pinned simple-swizzle (#14330)
• 17c7b03 feat: update sharp (#14335)
• aa7bebd [ci] release (#14295)
• c1033be fix: pin simple-swizzle (#14327)
• c24a8f4 fix(vite): update vite to fix CVE (#14326)
• 218e070 Fix: Dynamic route split regex (#14108)
• 0eba233 fix(deps): update astro dependencies (#14308)
• d63f6bb fix(deps): update astro dependencies (#13749)
• bdc8ce2 fix(deps): update astro dependencies (#14305)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Superseded by #9329.