Sourced from vite's releases.

v6.0.9

This version contains a breaking change due to security fixes. See GHSA-vg6x-rcgg-rjx6 for more details.

Please refer to CHANGELOG.md for details.

v6.0.8

Please refer to CHANGELOG.md for details.

v6.0.7

Please refer to CHANGELOG.md for details.

v6.0.6

Please refer to CHANGELOG.md for details.

v6.0.5

Please refer to CHANGELOG.md for details.

v6.0.4

Please refer to CHANGELOG.md for details.

Sourced from vite's changelog.

6.0.9 (2025-01-20)

• fix!: check host header to prevent DNS rebinding attacks and introduce server.allowedHosts (bd896fb)
• fix!: default server.cors: false to disallow fetching from untrusted origins (b09572a)
• fix: verify token for HMR WebSocket connection (029dcd6)

6.0.8 (2025-01-20)

• fix: avoid SSR HMR for HTML files (#19193) (3bd55bc), closes #19193
• fix: build time display 7m 60s (#19108) (cf0d2c8), closes #19108
• fix: don't resolve URL starting with double slash (#19059) (35942cd), closes #19059
• fix: ensure server.close() only called once (#19204) (db81c2d), closes #19204
• fix: resolve.conditions in ResolvedConfig was defaultServerConditions (#19174) (ad75c56), closes #19174
• fix: tree shake stringified JSON imports (#19189) (f2aed62), closes #19189
• fix: use shared sigterm callback (#19203) (47039f4), closes #19203
• fix(deps): update all non-major dependencies (#19098) (8639538), closes #19098
• fix(optimizer): use correct default install state path for yarn PnP (#19119) (e690d8b), closes #19119
• fix(types): improve ESBuildOptions.include / exclude type to allow readonly (string | RegExp)[] (ea53e70), closes #19146
• chore(deps): update dependency pathe to v2 (#19139) (71506f0), closes #19139

6.0.7 (2025-01-02)

• fix: fix minify when builder.sharedPlugins: true (#19025) (f7b1964), closes #19025
• fix: skip the plugin if it has been called before with the same id and importer (#19016) (b178c90), closes #19016
• fix(html): error while removing vite-ignore attribute for inline script (#19062) (a492253), closes #19062
• fix(ssr): fix semicolon injection by ssr transform (#19097) (1c102d5), closes #19097
• perf: skip globbing for static path in warmup (#19107) (677508b), closes #19107
• feat(css): show lightningcss warnings (#19076) (b07c036), closes #19076

6.0.6 (2024-12-26)

• fix: replace runner-side path normalization with fetchModule-side resolve (#18361) (9f10261), closes #18361
• fix(css): resolve style tags in HTML files correctly for lightningcss (#19001) (afff05c), closes #19001
• fix(css): show correct error when unknown placeholder is used for CSS modules pattern in lightningcs (9290d85), closes #19070
• fix(resolve): handle package.json with UTF-8 BOM (#19000) (902567a), closes #19000
• fix(ssrTransform): preserve line offset when transforming imports (#19004) (1aa434e), closes #19004
• chore: fix typo in comment (#19067) (eb06ec3), closes #19067
• chore: update comment about build.target (#19047) (0e9e81f), closes #19047
• revert: unpin esbuild version (#19043) (8bfe247), closes #19043
• test(ssr): test virtual module with query (#19044) (a1f4b46), closes #19044

6.0.5 (2024-12-20)

... (truncated)

• a55f8ba release: v6.0.9
• bd896fb fix!: check host header to prevent DNS rebinding attacks and introduce `serve...
• 029dcd6 fix: verify token for HMR WebSocket connection
• b09572a fix!: default server.cors: false to disallow fetching from untrusted origins
• c0f72a6 release: v6.0.8
• f2aed62 fix: tree shake stringified JSON imports (#19189)
• db81c2d fix: ensure server.close() only called once (#19204)
• 47039f4 fix: use shared sigterm callback (#19203)
• 3bd55bc fix: avoid SSR HMR for HTML files (#19193)
• e690d8b fix(optimizer): use correct default install state path for yarn PnP (#19119)
• Additional commits viewable in compare view

Sourced from better-auth's releases.

v1.1.6

    🔓 Security Fixes

• Enforce origin checker for all GET methods  -  by @​Bekacru (deb3d)

    View changes on GitHub

v1.1.5

   🐞 Bug Fixes

• Upgrade better-auth utils and use subtle from better-auth utils  -  by @​Bekacru in better-auth/better-auth#1021 (2b685)
• Disallow the creator role as a possible invitation role for all inviter roles other than itself  -  by @​Bekacru (6ab16)
• Throw error in multiple resource permission checks  -  by @​Bekacru (ceea5)
• email-otp:
  • Apply user configration for expiresIn properly  -  by @​Bekacru in better-auth/better-auth#1033 (f9fdf)
  • It shouldn't send email if user doesn't exist on forget password  -  by @​Bekacru in better-auth/better-auth#1034 (71713)
• passkey:
  • User verification shouldn't be required on passkey registration  -  by @​canstand in better-auth/better-auth#1053 (00996)

    View changes on GitHub

v1.1.4

   🐞 Bug Fixes

• drizzle: Default to snake-case  -  by @​Bekacru in better-auth/better-auth#1012 (bfc8f)
• email-otp: Reset password should create credential account  -  by @​Bekacru (d2788)
• expo: Local session cache should be scopped  -  by @​Bekacru in better-auth/better-auth#1020 (ef2ff)
• vue: Auth path should account for double slash on ssr  -  by @​Bekacru (78b6b)

    View changes on GitHub

v1.1.4-beta.2

   🐞 Bug Fixes

• drizzle: Default to snake-case  -  by @​Bekacru in better-auth/better-auth#1012 (bfc8f)
• email-otp: Reset password should create credential account  -  by @​Bekacru (d2788)
• expo: Local session cache should be scopped  -  by @​Bekacru in better-auth/better-auth#1020 (ef2ff)
• vue: Auth path should account for double slash on ssr  -  by @​Bekacru (78b6b)

    View changes on GitHub

v1.1.4-beta.1

No significant changes

    View changes on GitHub

v1.1.3

   🚀 Features

• Support building type declaration with tsc  -  by @​Bekacru in better-auth/better-auth#1005 (2885d)

... (truncated)

• e7a03bd chore: release v1.1.6
• 8eddfa9 chore: cleanup
• deb3d73 fix: enforce origin checker for GET methods
• dd8f34d chore: cleanup
• 8a77c7a chore: release v1.1.5
• 0de8770 chore: fix test imports
• ceea542 fix: throw error in multiple resource permission checks
• 6ab1689 fix: disallow the creator role as a possible invitation role for all inviter ...
• 00996b9 fix(passkey): user verification shouldn't be required on passkey registration...
• 717134f fix(email-otp): it shouldn't send email if user doesn't exist on forget passw...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.