feat(deps): bump vite from 5.4.21 to 6.4.2

[dependabot]

Bumps vite from 5.4.21 to 6.4.2.

Release notes

Sourced from vite's releases.

v6.4.2

Please refer to CHANGELOG.md for details.

v6.4.1

Please refer to CHANGELOG.md for details.

v6.4.0

Please refer to CHANGELOG.md for details.

v6.3.7

Please refer to CHANGELOG.md for details.

v6.3.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

6.4.2 (2026-04-06)

• fix: apply server.fs check to env transport (#22159) (#22163) (fe28e47), closes #22159 #22163
• fix: avoid path traversal with optimize deps sourcemap handler (#22161) (ca4da5d), closes #22161

6.4.1 (2025-10-20)

• fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969) (1114b5d), closes #20968 #20969

6.4.0 (2025-10-15)

• feat: allow passing down resolved config to vite's createServer (#20932) (ca6455e), closes #20932

6.3.7 (2025-10-14)

• fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940) (c59a222), closes #20940

6.3.6 (2025-09-08)

• fix: apply fs.strict check to HTML files (#20736) (0ab19ea), closes #20736
• fix: upgrade sirv to 3.0.2 (#20735) (e11d240), closes #20735
• test: detect ts support via process.features (#20544) (7d99229), closes #20544

6.3.5 (2025-05-05)

• fix(ssr): handle uninitialized export access as undefined (#19959) (fd38d07), closes #19959

6.3.4 (2025-04-30)

• fix: check static serve file inside sirv (#19965) (c22c43d), closes #19965
• fix(optimizer): return plain object when using require to import externals in optimized dependenci (efc5eab), closes #19940
• refactor: remove duplicate plugin context type (#19935) (d6d01c2), closes #19935

6.3.3 (2025-04-24)

• fix: ignore malformed uris in tranform middleware (#19853) (e4d5201), closes #19853

... (truncated)

Commits

• 6b3fad0 release: v6.4.2
• ca4da5d fix: avoid path traversal with optimize deps sourcemap handler (#22161)
• fe28e47 fix: apply server.fs check to env transport (#22159) (#22163)
• 5487f4f release: v6.4.1
• 1114b5d fix(dev): trim trailing slash before server.fs.deny check (#20968) (#20969)
• f12697c release: v6.4.0
• ca6455e feat: allow passing down resolved config to vite's createServer (#20932)
• 0e173d8 release: v6.3.7
• c59a222 fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)
• 3f337c5 release: v6.3.6
• Additional commits viewable in compare view

[github-actions]

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Core

• Support registerTool/registerResource/registerPrompt in MCP integration by betegon in #20071
• Support embeddings in langchain by nicohrubec in #20017

Deps

• Bump vite from 5.4.21 to 6.4.2 by dependabot[bot] in #20111

• Bump bundler plugins to 5.2.0 by chargome in #20122
• Bump lodash.template from 4.5.0 to 4.18.1 by dependabot in #20085
• Bump @xmldom/xmldom from 0.8.3 to 0.8.12 by dependabot in #20066

Other

• (cloudflare) Support basic WorkerEntrypoint by JPeer264 in #19884
• (core, node) Portable Express integration by isaacs in #19928
• (deno) Add denoRuntimeMetricsIntegration by chargome in #20023
• (node, bun) Enforce minimum collection interval in runtime metrics integrations by chargome in #20068
• (react-router) Export sentryOnError by chargome in #20120

Bug Fixes 🐛

Core

• Replace regex with string check in stack parser to prevent main thread blocking by chargome in #20089
• Set span.status to error when MCP tool returns JSON-RPC error response by betegon in #20082

Other

• (aws-serverless) Add timeout to _endSpan forceFlush to prevent Lambda hanging by logaretm in #20064
• (cloudflare) Ensure every request instruments functions by JPeer264 in #20044
• (gatsby) Fix errorHandler signature to match bundler-plugin-core API by JPeer264 in #20048

Internal Changes 🔧

Core

• Do not emit spans for chats.create in google-genai by nicohrubec in #19990
• Unify .do* span ops to gen_ai.generate_content by nicohrubec in #20074
• Simplify addResponseAttributes in openai integration by nicohrubec in #20013
• Extract shared endStreamSpan for AI integrations by nicohrubec in #20021
• Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions by nicohrubec in #20011

Deps

• Bump mshick/add-pr-comment from dd126dd8c253650d181ad9538d8b4fa218fc31e8 to e7516d74559b5514092f5b096ed29a629a1237c6 by dependabot in #20078
• Bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.24.1 to 2.25.2 by dependabot in #20081

Other

• (node) Add node integration tests for Vercel ToolLoopAgent by nicohrubec in #20087
• (nuxt) Make Nuxt 5 (nightly) E2E optional by s1gr1d in #20113
• (oxlint) Add typeawareness into oxlintrc by JPeer264 in #20075
• Update validate-pr workflow by stephanie-anderson in #20072
• Remove unused tsconfig-template folder by mydea in #20067

---

_{🤖 This preview updates automatically when you update the PR.}

[github-actions]

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Deps

• Bump vite from 5.4.21 to 6.4.2 by dependabot[bot] in #20111

• Bump lodash.template from 4.5.0 to 4.18.1 by dependabot in #20085
• Bump @xmldom/xmldom from 0.8.3 to 0.8.12 by dependabot in #20066

Other

• (core) Support embeddings in langchain by nicohrubec in #20017
• (core, node) Portable Express integration by isaacs in #19928
• (deno) Add denoRuntimeMetricsIntegration by chargome in #20023
• (node, bun) Enforce minimum collection interval in runtime metrics integrations by chargome in #20068

Bug Fixes 🐛

• (aws-serverless) Add timeout to _endSpan forceFlush to prevent Lambda hanging by logaretm in #20064
• (cloudflare) Ensure every request instruments functions by JPeer264 in #20044
• (core) Set span.status to error when MCP tool returns JSON-RPC error response by betegon in #20082
• (gatsby) Fix errorHandler signature to match bundler-plugin-core API by JPeer264 in #20048

Internal Changes 🔧

Core

• Do not emit spans for chats.create in google-genai by nicohrubec in #19990
• Unify .do* span ops to gen_ai.generate_content by nicohrubec in #20074
• Simplify addResponseAttributes in openai integration by nicohrubec in #20013
• Extract shared endStreamSpan for AI integrations by nicohrubec in #20021
• Remove provider-specific AI span attributes in favor of gen_ai attributes in sentry conventions by nicohrubec in #20011

Deps

• Bump mshick/add-pr-comment from dd126dd8c253650d181ad9538d8b4fa218fc31e8 to e7516d74559b5514092f5b096ed29a629a1237c6 by dependabot in #20078
• Bump getsentry/craft/.github/workflows/changelog-preview.yml from 2.24.1 to 2.25.2 by dependabot in #20081

Other

• (node) Add node integration tests for Vercel ToolLoopAgent by nicohrubec in #20087
• Update validate-pr workflow by stephanie-anderson in #20072
• Remove unused tsconfig-template folder by mydea in #20067

---

_{🤖 This preview updates automatically when you update the PR.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 982246b. Configure here.}

[cursor]

Vite 6 incompatible with svelte plugin 1.4.0

High Severity

Bumping vite to ^6.4.2 without updating companion plugins breaks compatibility. @sveltejs/vite-plugin-svelte@1.4.0 (pinned in packages/svelte) requires vite ^3.0.0, and @sveltejs/vite-plugin-svelte@^3.0.0 (resolving to 3.1.2 in packages/sveltekit) requires vite ^5.0.0. Since packages/svelte/vite.config.ts directly imports and uses the svelte plugin, the test suite for @sentry/svelte will break. Similarly, packages/sveltekit tests are affected.

Additional Locations (1)

• packages/sveltekit/package.json#L63-L64

 

^{Reviewed by Cursor Bugbot for commit 982246b. Configure here.}

[Lms24]

We shouldn't merge this. All bumped dependencies are either test package dependencies or dev dependencies of our packages. Nothing gets shipped to users. Bumping vite majors without adapting some of the tests/frameworks in there is not a good idea.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.