Bump vite from 5.4.19 to 5.4.20

[dependabot]

Bumps vite from 5.4.19 to 5.4.20.

Release notes

Sourced from vite's releases.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.20 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (482000f), closes #20736

Commits

• 997700f release: v5.4.20
• 482000f fix: apply fs.strict check to HTML files (#20736)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[warengonzaga]

@copilot can you summarize this changes?

[warengonzaga]

@CodeRabbit review this PR.

[coderabbitai]

🧩 Analysis chain

I'll examine the changes in this Vite dependency update for you, sir.

---

🏁 Script executed:

#!/bin/bash
# Check what files were changed in this PR
git diff --name-only HEAD~1 HEAD

# Show the actual changes in package files
git diff HEAD~1 HEAD -- package.json package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null || true

# Check if there's a changelog or release notes
fd -t f -e md -e txt changelog release-notes CHANGELOG RELEASE_NOTES

Length of output: 403

---

Let me examine the repository structure and package files directly, sir.

---

🏁 Script executed:

#!/bin/bash
# Examine the repository structure
ls -la

# Look for package management files
fd -t f "package*.json" "yarn.lock" "pnpm-lock.yaml" "package-lock.json"

# Check current Vite version in package.json
cat package.json | jq '.devDependencies.vite // .dependencies.vite // empty'

# Search for any changelog files in the repository
fd -t f -i changelog
fd -t f -i "release" | head -5

# Check for Vite configuration files
fd -t f "vite.config" "vitest.config"

Length of output: 2219

---

🏁 Script executed:

#!/bin/bash
# Read package.json to see Vite dependencies
echo "=== Package.json dependencies ==="
cat package.json | jq '{dependencies, devDependencies}' | jq 'to_entries[] | select(.value | has("vite")) | .value | to_entries[] | select(.key | contains("vite"))'

echo -e "\n=== All Vite-related dependencies ==="
cat package.json | jq '.dependencies, .devDependencies' | jq 'to_entries[] | select(.key | test("vite"; "i"))'

echo -e "\n=== Vitest configuration ==="
cat vitest.config.ts

echo -e "\n=== Check yarn.lock for current Vite version ==="
grep -A 5 -B 2 "vite@" yarn.lock | head -20

echo -e "\n=== Project type assessment ==="
cat package.json | jq '{name, scripts, main, type}'

Length of output: 2264

---

@warengonzaga Certainly, sir. I've conducted a thorough analysis of this dependency update.

Review Summary

This is a Dependabot-generated patch update for Vite from 5.4.19 to 5.4.20. Here are the key findings:

🔍 Dependency Analysis

• Vite is not directly declared in your package.json - it's a transitive dependency
• Vite comes through Vitest (v2.1.8) which uses Vite internally for its testing infrastructure
• Impact scope: Testing environment only, not your production build process
• Current status: The yarn.lock already shows Vite 5.4.20, indicating the update is applied

📋 What Changed

The only change in Vite 5.4.20 is:

• Security fix: Apply fs.strict check to HTML files (#20736)
• This prevents potential security issues with file system access in development/testing

✅ Risk Assessment

• Risk Level: Very Low
• Type: Patch release (bug/security fix)
• Breaking Changes: None
• Testing Impact: Improved security in test environment
• Production Impact: None (your app builds with TypeScript, not Vite)

🎯 Recommendation

APPROVE and MERGE this update immediately. This is a beneficial security fix with no risk to your Telegram bot's functionality.

The update enhances the security of your testing infrastructure while maintaining full compatibility with your existing Vitest configuration.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.