build(deps-dev): bump the dev-minor-patch group with 4 updates

[dependabot]

Bumps the dev-minor-patch group with 4 updates: @vitejs/plugin-react, @tybys/wasm-util, electron and vite.

Updates @vitejs/plugin-react from 6.0.2 to 6.0.3

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

Commits

• 640fd35 release: plugin-react@6.0.3
• 889efb0 fix(deps): update all non-major dependencies (#1249)
• 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
• 3cc33a7 fix(deps): update react-related dependencies (#1245)
• c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
• cd80f0f fix(deps): update all non-major dependencies (#1241)
• e38acca fix(deps): update all non-major dependencies (#1227)
• 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
• See full diff in compare view

Updates @tybys/wasm-util from 0.10.2 to 0.10.3

Commits

• See full diff in compare view

Updates electron from 41.7.2 to 41.8.0

Release notes

Sourced from electron's releases.

electron v41.8.0

Release Notes for v41.8.0

Fixes

• Fixed a browser process crash when calling webContents.reload() or navigating synchronously from the render-process-gone event; the event is now emitted after the renderer's teardown notification has completed. #51917 (Also in 42, 43)
• Fixed a bug on Linux where a 1px line appeared at the top of frameless windows if the window and web contents had different background colors. #52004 (Also in 42, 43)

Other Changes

• Backported fixes from upstream Chromium and V8. #51936
• Backported fixes from upstream Chromium, Skia and Dawn. #51943
• Updated Node.js to v24.16.0. #51746

Documentation

• Documentation changes: #51925

Commits

• c0fbe12 fix: remove 1px line from the top of frameless windows on Linux (#51458) (#52...
• ccca53d fix: macOS menu roles missing Tahoe icons (#52014)
• 11f5d26 chore: cherry-pick 30 changes from chromium, skia, dawn (#51943)
• a4358c7 build: bump node-gyp to 12.3.0 (#51969)
• 3736195 chore: bump node to v24.16.0 (41-x-y) (#51746)
• 9a0a00c fix: emit render-process-gone outside the process-death notification (#51917)
• 6ba5e4e docs: add API documentation for app.setDesktopName (#51925)
• 5df330a chore: cherry-pick 14 changes from chromium, v8 (#51936)
• See full diff in compare view

Updates vite from 8.0.16 to 8.1.0

Release notes

Sourced from vite's releases.

create-vite@8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0

Please refer to CHANGELOG.md for details.

v8.1.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.1.0-beta.0

Please refer to CHANGELOG.md for details.

v8.1.0-beta.0

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.0 (2026-06-23)

Features

• extend server.fs.deny list with common files (#22707) (61ba8fd)
• update rolldown to 1.1.2 (#22695) (4f008a6)
• use ~ for Rolldown (#22693) (9928722)

Bug Fixes

• bundled-dev: errors should be kept when incremental build fails (#22617) (9a0dd48)
• cache falsy values in perEnvironmentState (#22715) (0e91e79)
• glob: respect caseSensitive option in hmr matcher (#22711) (65f525e)
• html: omit nonce on import map when cspNonce is unset (#22713) (8340bb5)
• optimizer: skip null-valued exports in expandGlobIds glob resolution (#22611) (8b9f5cd)
• resolved build options should be kept as a getter (#22691) (3527191)
• server: handle malformed URI in memory files middleware (#22714) (df9e0a5)
• use literal envPrefix queries for Vite Task (#22706) (da72733)
• warn on deprecated envFile (#22555) (ed7b283)

Code Refactoring

• client: inline dev-id value in CSS selector (#22736) (57f59bc)
• remove unused removeRawQuery util (#22724) (403cc60)
• use rolldownOptions property for chunkImportMap (#22692) (8e8816c)

8.1.0-beta.0 (2026-06-15)

Features

• import.meta.glob support caseSensitive option (#21707) (2ad6737)
• add warning to discourage Vite with yarn pnp (#21906) (3fbb55a)
• build: chunk importmap (#21580) (e180312)
• css: support lightningcss plugin dependency (#21748) (0b7aaed)
• deps: bump @​vitejs/devtools peer dependency version (#22542) (d2c2bc0)
• html: add html.additionalAssetSources option (#21412) (a41404b)
• integrate with Vite Task for zero-config build caching (#22453) (f8d75f7)
• rename server.hmr options to server.ws options (#21357) (9ce3036)
• server: support multiple hosts in __VITE_ADDITIONAL_SERVER_ALLOWED_HOSTS (#21501) (735f9a1)
• track dependencies when loading config with native (#22602) (a7e2da8)
• types: add more precise typing for known query types to match known as types (#21863) (cc39e55)
• update rolldown to 1.1.1 (#22593) (8a13d63)
• wasm: direct .wasm imports (WASM ESM Integration) (#21779) (c23d85b)

Bug Fixes

• apply correct fs restrictions for pnpm gvs (#22415) (092320b)
• css: support external CSS with lightningcss (#18389) (d64a1a5)
• deps: update all non-major dependencies (#22637) (44bb9d9)
• deps: update all non-major dependencies (#22681) (f4f0633)
• html: insert import map before modulepreload that is not self-close tag (#21409) (e399c89)
• optimizer: preserve sourcemaps for transformed optimized deps with follow-up transforms (#22428) (1298951)

... (truncated)

Commits

• 5909efd fix: allow multiple bindCLIShortcuts calls with shortcut merging (#21103)
• 39a0a15 chore(deps): update rolldown-related dependencies (#21095)
• 6a34ac3 fix(deps): update all non-major dependencies (#21096)
• 02ceaec chore(deps): update dependency @​rollup/plugin-commonjs to v29 (#21099)
• 572aaca release: v7.2.2
• 728c8ee fix: revert "refactor: use fs.cpSync (#21019)" (#21081)
• a532e68 release: v7.2.1
• 82d2d6c fix(worker): some worker asset was missing (#21074)
• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cursor]

PR Summary

Medium Risk
Electron and Vite patch/minor bumps change the desktop shell and bundler without app code edits; worth smoke-testing npm run dev, npm run build, and a packaged run.

Overview
Bumps four devDependencies in package.json and refreshes package-lock.json (including transitive rolldown 1.0.3 → 1.1.2 pulled in by vite 8.1.0).

vite ^8.0.16 → ^8.1.0 and @vitejs/plugin-react ^6.0.2 → ^6.0.3 affect the electron-vite dev/build pipeline. electron ^41.7.2 → ^41.8.0 updates the packaged runtime (crash fixes around render-process-gone / reload, Linux frameless window rendering, Node backport). @tybys/wasm-util ^0.10.2 → ^0.10.3 is a patch dev transitive override alignment.

No application source changes—only lockfile resolution updates.

^{Reviewed by Cursor Bugbot for commit 4c999f2. Bugbot is set up for automated code reviews on this repo. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vite@​8.0.16 ⏵ 8.1.0	-1		+1	+2
	@​tybys/​wasm-util@​0.10.2 ⏵ 0.10.3			+1
	@​vitejs/​plugin-react@​6.0.2 ⏵ 6.0.3
	electron@​41.7.2 ⏵ 41.8.0	+1		+1

View full report