refactor: Bump vite from 7.3.2 to 8.0.5

[mtrezza]

Bumps vite from 7.3.2 to 8.0.5.

Closes #3004

Changes

• Updates vite from 7.3.2 to 8.0.5 (major version bump)
• Vite 8 replaces Rollup with Rolldown as the internal bundler (feat!: the epic rolldown-vite merge vitejs/vite#21189)
• Default browser target updated (feat!: update default browser target vitejs/vite#21193)
• import.meta.hot.accept resolution fallback removed (refactor!: remove import.meta.hot.accept resolution fallback vitejs/vite#21382)
• Native plugins v2 enabled by default (feat: introduce v2 native plugins and enable it by default vitejs/vite#21268)
• customResolver in resolve.alias deprecated (refactor: deprecate customResolver in resolve.alias vitejs/vite#21476)

Breaking Changes

• Rolldown replaces Rollup internally; Rollup plugin compatibility layer is provided
• import.meta.hot.accept no longer has a resolution fallback
• Default build.target updated to more modern browsers

None of these breaking changes affect this project:

• The vite config uses standard rollupOptions which Rolldown supports
• HMR accept is not used in the vite config
• The project uses explicit UMD format builds, not relying on default browser targets
• customResolver is not used in resolve.alias
• Node.js requirement unchanged: ^20.19.0 || >=22.12.0

Code Changes Required

None. This is a devDependency used only for UMD bundling. All plugins (vite-plugin-node-polyfills, vite-plugin-commonjs, @rollup/plugin-terser) are compatible. Build verified locally.

Summary by CodeRabbit

• Chores
  • Upgraded Vite from 7.3.2 to 8.0.5 with the latest enhancements and improvements for development environments
  • Updated PostCSS from 8.5.6 to 8.5.9 for improved CSS processing and compatibility
  • Integrated new build optimization tools and added cross-platform support components to the development environment

[parse-github-assistant]

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

• Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
• Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
• Group code into logical blocks. Add a short comment before each block to explain its purpose.
• We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
• Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
• Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement. Our CI and AI review are safeguards, not development tools. If many issues are flagged, rethink your development approach. Invest more effort in planning and design rather than using review cycles to fix low-quality code.

[coderabbitai]

📝 Walkthrough

Walkthrough

Vite development dependency upgraded from 7.3.2 to 8.0.5 across package.json and package-lock.json, with corresponding lockfile reorganization including PostCSS 8.5.9 upgrade, new bundler-related packages (rolldown, lightningcss), and updated internal dependency metadata.

Changes

Cohort / File(s)	Summary
Build Tool Version Upgrades package.json	Vite dev dependency bumped from 7.3.2 to 8.0.5.
Lockfile Updates package-lock.json	Vite dependency graph restructured for v8.0.5; PostCSS updated to 8.5.9; new packages added (rolldown, lightningcss, @oxc-project/types, detect-libc, and platform-specific binaries); peer metadata added to multiple dependency entries; internal dependency requirements modified to use lightningcss instead of postcss/rollup/fdir.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Parse-SDK-JS#2829: Updates Vite dependency version in package.json and package-lock.json (previous version bump to 7.2.4).
• Parse-SDK-JS#3009: Modifies Vite version entries in both package.json and package-lock.json (another Vite version upgrade).

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Engage In Review Feedback	❓ Inconclusive	Unable to determine PR state or review feedback engagement due to insufficient context about the specific review comments and current repository status.	Provide the specific review feedback comments about vite-plugin-commonjs compatibility and the PR/branch details to assess engagement.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title begins with 'refactor:' prefix as required and clearly describes the main change: upgrading vite from 7.3.2 to 8.0.5.
Description check	✅ Passed	The pull request description is comprehensive and well-structured, covering the issue, detailed changes, breaking changes analysis, and code change requirements. However, it does not follow the provided template structure with explicit sections for Issue/Approach/Tasks.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Security Check	✅ Passed	No critical security vulnerabilities detected. PostCSS ReDoS vulnerability (CVE-2024-43944) fixed by upgrade from 8.5.6 to 8.5.9. All new dependencies have no known CVEs.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Checkov (3.2.513)

package.json

2026-04-10 19:44:57,148 [MainThread ] [ERROR] Template file not found: package.json
2026-04-10 19:44:57,163 [MainThread ] [ERROR] Template file not found: package.json
2026-04-10 19:44:57,181 [MainThread ] [ERROR] Template file not found: package.json
2026-04-10 19:44:57,236 [MainThread ] [ERROR] Failed to invoke function /usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner. with package.json
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 88, in func_wrapper
result = original_func(item)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner.py", line 74, in
results = parallel_runner.run_function(lambda f: (f, self._parse_file(f)), files_to_load)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/ope

... [truncated 2547 characters] ...

[MainThread ] [WARNI] Secret scanning: could not process file package.json
2026-04-10 19:44:57,299 [MainThread ] [ERROR] Exception traceback:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/main.py", line 647, in run
self.scan_reports = runner_registry.run(
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/runner_registry.py", line 177, in run
for result in parallel_runner_results:
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 118, in _run_function_multiprocess_fork
raise v.internal_exception.with_traceback(v.internal_exception.traceback)
FileNotFoundError: [Errno 2] No such file or directory: 'package.json'

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.98%. Comparing base (1b27cb4) to head (a985718).
⚠️ Report is 10 commits behind head on alpha.

Additional details and impacted files

@@           Coverage Diff           @@
##            alpha    #3012   +/-   ##
=======================================
  Coverage   99.98%   99.98%           
=======================================
  Files          64       64           
  Lines        6333     6333           
  Branches     1519     1519           
=======================================
  Hits         6332     6332           
  Misses          1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 123: package.json was updated to "vite": "8.0.5" but
vite-plugin-commonjs@0.10.4 predates Vite 8 and may be incompatible; run the
full test suite and a dev Vite build/dev server to verify vite-plugin-commonjs
still works, and if failures occur either upgrade vite-plugin-commonjs to a
Vite‑8‑compatible release (or replace it with an alternative plugin) and update
package.json, or add a compatibility shim or pinned workaround in your Vite
config; ensure package.json references ("vite" and
"vite-plugin-commonjs@0.10.4") are the ones changed and add/adjust tests that
exercise the plugin during the CI build to prevent regressions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3c8d35a7-1a81-4918-8347-c727e33184e7

📥 Commits

Reviewing files that changed from the base of the PR and between 1b27cb4 and a985718.

📒 Files selected for processing (2)

• package-lock.json
• package.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

`Please verify current compatibility notes for:

1. vite-plugin-commonjs@0.10.4 with vite@8.x
2. vite-plugin-node-polyfills@0.26.0 with vite@8.x
   using official docs/releases/changelogs for each plugin and Vite 8.`

💡 Result:

1. vite-plugin-commonjs@0.10.4 with vite@8.x: Compatibility unknown/unconfirmed. Last release November 2024 (pre-Vite 8, which released March 2026). No explicit Vite 8 or Rolldown mentions in changelog, releases, or issues. Uses standard Vite plugin API (transform hook, etc.), likely works given Vite 8's "full plugin compatibility," but no official confirmation or testing evidence found. 2) vite-plugin-node-polyfills@0.26.0 with vite@8.x: Compatible. Released March 29, 2026 (post-Vite 8), explicitly adds "support for Vite v8." Peer dependencies include ^8.0.0. Earlier versions added Rolldown/rolldown-vite support.

Citations:

• 1: https://github.com/vite-plugin/vite-plugin-commonjs
• 2: https://vite.dev/blog/announcing-vite8
• 3: https://deepwiki.com/vite-plugin/vite-plugin-commonjs/10-version-history
• 4: https://github.com/vite-plugin/vite-plugin-commonjs/blob/main/CHANGELOG.md
• 5: https://github.com/vite-plugin/vite-plugin-commonjs/releases
• 6: https://github.com/voracious/vite-plugin-node-polyfills
• 7: https://www.npmjs.com/package/vite-plugin-node-polyfills/v/0.18.0
• 8: https://github.com/davidmyersdev/vite-plugin-node-polyfills/releases
• 9: https://github.com/vite-plugin/vite-plugin-commonjs/blob/52b01d3d/src/index.ts
• 10: vite@8 regression: dynamic import in CJS doesn't work anymore vitejs/vite#21904

---

Vite bump is clean; verify vite-plugin-commonjs compatibility in tests.

The Vite 8.0.5 bump at Line 123 is consistent with existing manifest structure. Verification confirms vite-plugin-node-polyfills@0.26.0 is compatible with Vite 8.x (released post-Vite 8 with explicit support). However, vite-plugin-commonjs@0.10.4 was last released before Vite 8 (November 2024) and has no official compatibility confirmation. While it uses standard Vite plugin APIs that Vite 8 claims to maintain, ensure this plugin works in your test suite before merging. Consider updating vite-plugin-commonjs if a newer release becomes available.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 123, package.json was updated to "vite": "8.0.5" but
vite-plugin-commonjs@0.10.4 predates Vite 8 and may be incompatible; run the
full test suite and a dev Vite build/dev server to verify vite-plugin-commonjs
still works, and if failures occur either upgrade vite-plugin-commonjs to a
Vite‑8‑compatible release (or replace it with an alternative plugin) and update
package.json, or add a compatibility shim or pinned workaround in your Vite
config; ensure package.json references ("vite" and
"vite-plugin-commonjs@0.10.4") are the ones changed and add/adjust tests that
exercise the plugin during the CI build to prevent regressions.

[mtrezza]

The build has been verified locally and passes on all CI build jobs (Node 20, 22, 24). The vite-plugin-commonjs plugin has no vite peer dependency and works correctly with Vite 8 — the UMD bundle builds (browser + weapp) that use this plugin all completed successfully.

[coderabbitai]

@mtrezza, thanks for confirming — that's thorough verification. Good to know vite-plugin-commonjs has no Vite peer dependency and the UMD builds pass end-to-end across all Node versions. I'll note this for future reviews.

---

✏️ Learnings added

Learnt from: mtrezza
Repo: parse-community/Parse-SDK-JS PR: 3012
File: package.json:123-123
Timestamp: 2026-04-10T19:51:55.614Z
Learning: In parse-community/Parse-SDK-JS, vite-plugin-commonjs0.10.4 has no vite peer dependency and is compatible with Vite 8.x. The UMD bundle builds (browser + weapp targets) that use this plugin complete successfully with Vite 8. Do not flag vite-plugin-commonjs0.10.4 as potentially incompatible with Vite 8 in this repository.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: mtrezza
Repo: parse-community/Parse-SDK-JS PR: 3008
File: package-lock.json:12772-12774
Timestamp: 2026-04-10T18:44:58.723Z
Learning: In the parse-community/Parse-SDK-JS repository, the lockfileVersion compatibility is validated by a dedicated CI check called "NPM Lock File Version". Do not flag lockfileVersion mismatches as issues when CI checks are passing, as they are already covered by this dedicated check. Avoid raising false-positive concerns about package-lock.json lockfileVersion in this repository.

---

Learnt from: mtrezza
Repo: parse-community/Parse-SDK-JS PR: 2958
File: package-lock.json:28985-28985
Timestamp: 2026-03-28T19:24:05.702Z
Learning: In the parse-community/Parse-SDK-JS repository, path-to-regexp is a transitive dependency locked within parse-server's own dependency tree. Parse-SDK-JS cannot independently override or pin this transitive dependency. Any security fixes for path-to-regexp must be addressed upstream in parse-server itself. The fix for GHSA-27v5-c462-wpq7 (path-to-regexp 8.4.0) was merged into parse-server via parse-community/parse-server#10340. When reviewing lockfile vulnerability findings for parse-server's transitive dependencies, do not flag them as actionable for Parse-SDK-JS — defer to the upstream parse-server release cycle.

---

Learnt from: mtrezza
Repo: parse-community/Parse-SDK-JS PR: 2964
File: package-lock.json:13474-13481
Timestamp: 2026-03-29T15:27:54.913Z
Learning: In parse-community/Parse-SDK-JS, chromium-bidi and pinned Chromium browser version changes within the puppeteer dependency tree are internal to puppeteer. Puppeteer downloads and manages its own browser binary, so version bumps to chromium-bidi (e.g., 13.x → 14.0.0) or its pinned Chromium version do not constitute breaking changes for Parse-SDK-JS or its users, and should not be flagged as actionable issues in reviews of this repository.

---

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

False positive: vite-plugin-commonjs has no vite peer dependency and works correctly with Vite 8. Build verified locally and all CI build jobs (Node 20, 22, 24) pass successfully.

[parseplatformorg]

🎉 This change has been released in version 8.6.0-alpha.1

[parseplatformorg]

🎉 This change has been released in version 8.6.0