Bump @vitejs/plugin-react from 4.7.0 to 5.1.4

[dependabot]

Bumps @vitejs/plugin-react from 4.7.0 to 5.1.4.

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@5.1.4

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

plugin-react@5.1.3

No release notes provided.

plugin-react@5.1.2

No release notes provided.

plugin-react@5.1.1

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

plugin-react@5.1.0

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

plugin-react@5.0.4

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

plugin-react@5.0.3

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

plugin-react@5.0.2

Skip transform hook completely in rolldown-vite in dev if possible (#783)

plugin-react@5.0.1

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

Fix reactRefreshHost option on rolldown-vite (#716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#708)

Skip babel-plugin-react-compiler on non client environment (689)

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

5.1.4 (2026-02-10)

Fix canSkipBabel not accounting for babel.overrides (#1098)

When configuring babel.overrides without top-level plugins or presets, Babel was incorrectly skipped. The canSkipBabel function now checks for overrides.length to ensure override configurations are processed.

5.1.3 (2026-02-02)

5.1.2 (2025-12-08)

5.1.1 (2025-11-12)

Update code to support newer rolldown-vite (#976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

5.1.0 (2025-10-24)

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

5.0.4 (2025-09-27)

Perf: use native refresh wrapper plugin in rolldown-vite (#881)

5.0.3 (2025-09-17)

HMR did not work for components imported with queries with rolldown-vite (#872)

Perf: simplify refresh wrapper generation (#835)

5.0.2 (2025-08-28)

Skip transform hook completely in rolldown-vite in dev if possible (#783)

5.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#734)

Respect tsconfig jsxImportSource (#726)

... (truncated)

Commits

• f066114 release: plugin-react@5.1.4
• e299dca fix(plugin-react): canSkipBabel not checking babel.overrides (#1098)
• 12ffadc fix(deps): update all non-major dependencies (#1103)
• cf0cb8a release: plugin-react@5.1.3
• 99e480c fix(deps): update all non-major dependencies (#1090)
• 77f5e42 fix(deps): update react 19.2.4 (#1084)
• e327da4 fix(deps): update all non-major dependencies (#1083)
• 3d3dbc2 chore: add metadata for vite-plugin-registry (#1078)
• 58dfb9d fix(deps): update all non-major dependencies (#1066)
• fefad3d fix(deps): update all non-major dependencies (#1048)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6076c5f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	tslib@​2.8.1

View full report

[dependabot]

A newer version of @​vitejs/plugin-react exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[matt-evervault]

Review

I went through the v4.7.0 → v5.1.4 changelog, every consumer of @vitejs/plugin-react in this repo, and ran the full lint/build/typecheck pipeline against the upgraded versions.

Where the plugin is used

• packages/react/vite.config.mts — library build for @evervault/react. Uses ...react({ jsxRuntime: "classic" }). Both the spread (return type is still Plugin[]) and the jsxRuntime: "classic" option remain supported in v5; verified against the v5.1.4 source.
• packages/ui-components/vite.config.ts — library build for @evervault/ui-components. Default config, react().
• packages/react-native-v2/vitest.config.ts — vitest only. Default config.
• examples/react/vite.config.ts — example app. Default config.

Breaking changes between 4.7.0 and 5.1.4 (relevant to us)

• Node 20.19+ / 22.12+ required. Repo runs on Node 24 (.nvmrc), CI uses 24. ✅
• react/react-dom no longer auto-added to resolve.dedupe. We don't depend on this — react/react-dom are externalised in our library builds; consumer apps manage their own dedupe.
• Default exclude is now [/\/node_modules\//] (was []). No config in this repo sets exclude; behaviour change is benign for our setups (Flow handling for react-native is already covered by an explicit flowPlugin matcher in react-native-v2/vitest.config.ts).
• Old babel-plugin-react-compiler runtimeModule removed. Not used here.
• rolldown-vite uses Oxc for refresh. We're on vanilla Vite 7, not rolldown-vite.

Transitive bumps: react-refresh@0.17.0 → 0.18.0 and @rolldown/pluginutils@1.0.0-beta.27 → 1.0.0-rc.3. Neither is imported directly in this repo.

One change required

@vitejs/plugin-react@5.1.4's bundled dist/index.d.ts ends with:

export { …, viteReactForCjs as "module.exports" };

That string-named local export is only parseable by TypeScript ≥ 5.6. The repo was pinned at typescript: 5.5.4, which made tsc --noEmit fail for both @evervault/react and @evervault/ui-components:

node_modules/@vitejs/plugin-react/dist/index.d.ts(75,113): error TS1003: Identifier expected.
node_modules/@vitejs/plugin-react/dist/index.d.ts(75,130): error TS1128: Declaration or statement expected.

skipLibCheck doesn't help — it skips type-checking, not parsing.

I bumped the catalog typescript to 5.6.3 (commit 6076c5f). After the bump:

• pnpm typecheck ✅ (all @evervault/*)
• pnpm build ✅ (all packages)
• pnpm lint ✅ (warnings only, all pre-existing)
• pnpm format:check ✅

Safe to merge?

Yes, with the TS bump that's now on the branch. None of the v5 breaking changes affect how this repo uses the plugin, and the published artifacts for @evervault/react are unchanged in shape (dist/evervault-react.main.js 20.24 kB / …umd.cjs 14.13 kB — identical to master). The only knock-on effect is the TypeScript minor bump (5.5.4 → 5.6.3), which I verified does not introduce new type errors anywhere in the workspace.

The Socket alert about @react-native/debugger-frontend being "obfuscated" is a known false positive on bundled debugger frontends and is not introduced by this PR.

---

Generated by Claude Code