chore(deps): update dependency @vitejs/plugin-react to v5.1.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@vitejs/plugin-react (source)	5.0.0 -> 5.1.2

---

Release Notes

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v5.1.2

Compare Source

v5.1.1

Compare Source

Update code to support newer rolldown-vite (#​976)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

v5.1.0

Compare Source

Add @vitejs/plugin-react/preamble virtual module for SSR HMR (#​890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Fix raw Rolldown support for Rolldown 1.0.0-beta.44+ (#​930)

Rolldown 1.0.0-beta.44+ removed the top-level jsx option in favor of transform.jsx. This plugin now uses the transform.jsx option to support Rolldown 1.0.0-beta.44+.

v5.0.4

Compare Source

Perf: use native refresh wrapper plugin in rolldown-vite (#​881)

v5.0.3

Compare Source

HMR did not work for components imported with queries with rolldown-vite (#​872)

Perf: simplify refresh wrapper generation (#​835)

v5.0.2

Compare Source

Skip transform hook completely in rolldown-vite in dev if possible (#​783)

v5.0.1

Compare Source

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#​735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

Perf: skip babel-plugin-react-compiler if code has no "use memo" when { compilationMode: "annotation" } (#​734)

Respect tsconfig jsxImportSource (#​726)

Fix reactRefreshHost option on rolldown-vite (#​716)

Fix RefreshRuntime being injected twice for class components on rolldown-vite (#​708)

Skip babel-plugin-react-compiler on non client environment (689)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

PR Review: Update @vitejs/plugin-react to v5.1.2

Summary

This is a Renovate bot dependency update PR that upgrades @vitejs/plugin-react from version 5.0.0 to 5.1.2. This is a low-risk dependency update with performance improvements and bug fixes.

✅ Code Quality & Best Practices

APPROVED - The dependency update follows best practices:

• Uses lock file for reproducible builds
• Includes detailed changelog information in PR description
• Properly configured automerge for low-risk dependencies
• No breaking changes in this minor version update

🐛 Potential Bugs or Issues

NONE IDENTIFIED - The update includes:

• 7 patch/minor releases (5.0.0 → 5.1.2)
• Bug fixes for HMR with Rolldown
• Performance improvements (skip transforms when possible)
• Better TypeScript config handling (jsxImportSource)
• No reported breaking changes

Key improvements:

• v5.1.2: Latest stable release
• v5.1.1: Better Rolldown support
• v5.1.0: SSR HMR improvements via virtual module
• v5.0.1-5.0.4: Performance optimizations and bug fixes

⚡ Performance Considerations

POSITIVE IMPACT - This update includes several performance enhancements:

1. Native refresh wrapper plugin for Rolldown (v5.0.4)
2. Simplified refresh wrapper generation (v5.0.3)
3. Skips transform hook in dev when possible (v5.0.2)
4. Skips babel-plugin-react-compiler when not needed (v5.0.1)

These changes should result in faster development builds and HMR performance.

🔒 Security Concerns

NONE IDENTIFIED - This is a dev dependency that:

• Only affects build tooling, not runtime
• Comes from the official Vite team
• Will be scanned by existing Trivy security checks in CI
• No security advisories associated with this update

🧪 Test Coverage

ADEQUATE - The PR will be validated by:

• ✅ Frontend type checking: npm run type-check
• ✅ Linting: npm run lint
• ✅ Formatting: npm run format:check
• ✅ Build: npm run build
• ✅ Docker build test: Validates production builds
• ✅ Security scanning: Trivy vulnerability scanner

All existing CI checks should pass without modification.

📋 Additional Notes

Package Lock Changes

The package-lock.json shows:

• +77 lines, -62 lines - Net increase due to dependency tree optimization
• @babel/core updated to 7.28.5 (peer dependency)
• @rolldown/pluginutils updated to 1.0.0-beta.53
• react-refresh updated to 0.18.0
• Several peer dependencies properly marked

Compatibility

The plugin now requires:

• Node.js: ^20.19.0 || >=22.12.0
• This project uses Node 20 in CI ✅

Recommendation

✅ APPROVE AND MERGE - This is a safe, beneficial update that:

1. Brings performance improvements to the development workflow
2. Includes important bug fixes for HMR
3. Maintains compatibility with the project's tooling
4. Has automerge enabled and will merge automatically once CI passes
5. Follows the project's dependency management strategy

No manual intervention required - let Renovate handle the merge once all CI checks pass.

---

Review conducted according to CLAUDE.md guidelines. All CI checks will validate this change before merge.

[claude]

PR Review: Update @vitejs/plugin-react to v5.1.2

Summary

This is an automated dependency update from Renovate that upgrades @vitejs/plugin-react from v5.0.0 to v5.1.2. The update appears to be a low-risk minor version bump with bug fixes and performance improvements.

---

✅ Positive Aspects

1. Clean Dependency Update: The changes are isolated to package-lock.json with no breaking changes or code modifications required.

2. Performance Improvements: The changelog includes several optimizations:

   • Native refresh wrapper plugin in rolldown-vite (#881)
   • Simplified refresh wrapper generation (#835)
   • Skip transform hook completely in rolldown-vite when possible (#783)

3. Bug Fixes: Several important fixes included:

   • HMR fixes for components imported with queries in rolldown-vite (#872)
   • React Compiler optimizations (#734)
   • TSConfig jsxImportSource respect (#726)

4. Proper Peer Dependencies: The update correctly marks several dependencies as peer: true in package-lock.json, including:

   • @babel/core
   • react, react-dom, react-redux
   • @opentelemetry/api
   • Various TypeScript/ESLint packages

---

🔍 Notable Changes

1. Babel Core Upgrade: @babel/core updated from 7.28.3 to 7.28.5 (marked as peer dependency)
2. React Refresh: Updated from 0.17.0 to 0.18.0
3. Rolldown Plugin Utils: Updated from 1.0.0-beta.30 to 1.0.0-beta.53
4. Remapping Library: Switched from @ampproject/remapping to @jridgewell/remapping (better maintained)

---

⚠️ Considerations

1. Testing Recommendation: While this is a minor update, I recommend testing:

   • Hot Module Replacement (HMR) still works correctly in development
   • Production build completes without errors
   • React components render properly

2. No Breaking Changes: The plugin changelog indicates no breaking changes between 5.0.0 and 5.1.2.

3. Node Version Compatibility: The new version requires ^20.19.0 || >=22.12.0, which is already compatible with your current setup.

---

🧪 Suggested Testing

# Test development mode with HMR
cd frontend
npm run dev
# Verify hot reload works when editing a component

# Test production build
npm run build

# Run linting/type checking
npm run lint
npm run type-check

---

📋 Recommendation

✅ APPROVE - This is a safe, low-risk dependency update with performance improvements and bug fixes. The changes are well-documented, and the update follows semantic versioning properly.

The Renovate bot has correctly identified this as a dep:low-risk change, and I concur with that assessment.

---

Confidence: High
Risk Level: Low
Action: Safe to merge after basic smoke testing

[claude]

Pull Request Review: Update @vitejs/plugin-react to v5.1.2

Overview

This is an automated dependency update by Renovate bot, upgrading @vitejs/plugin-react from v5.0.0 to v5.1.2. This is a minor version update with several patch releases included.

---

✅ Code Quality & Best Practices

APPROVED - This PR follows excellent practices:

1. Automated Dependency Management: Using Renovate for automatic updates ensures dependencies stay current with security patches and bug fixes
2. Lock File Integrity: The package-lock.json changes are clean and properly formatted
3. Minimal Scope: Only updates the necessary dependency without unrelated changes
4. Peer Dependency Handling: Appropriately marks several Babel and React-related packages as peer dependencies

---

🔍 Analysis of Changes

Key Improvements (v5.0.0 → v5.1.2):

v5.1.2 (2025-12-08)

• Latest stable release

v5.1.1 (2025-11-12)

• Rolldown-vite compatibility improvements
• Updates to support newer build tooling

v5.1.0 (2025-10-24)

• New Feature: @vitejs/plugin-react/preamble virtual module for SSR HMR (useful if you ever implement SSR)
• Performance: Better raw Rolldown support for Rolldown 1.0.0-beta.44+

v5.0.1-5.0.4

• Multiple HMR bug fixes
• Performance optimizations for refresh wrapper generation
• Babel compiler optimizations for "use memo" annotations
• Better tsconfig jsxImportSource respect

Notable Dependency Updates:

• @babel/core: Updated from 7.28.3 → 7.28.5 (marked as peer dependency)
• react-refresh: Updated from 0.17.0 → 0.18.0
• @rolldown/pluginutils: Updated from 1.0.0-beta.30 → 1.0.0-beta.53
• Removed @ampproject/remapping in favor of @jridgewell/remapping (better maintained)

---

🐛 Potential Issues

No critical issues identified, but note:

1. Peer Dependencies: Several packages are now marked as "peer": true (React, Babel, TypeScript, etc.). This is correct behavior and shouldn't cause issues since these are already in your package.json
2. React 19 Compatibility: Your project uses React 19.1.1, and this plugin version explicitly supports it - good alignment

---

🚀 Performance Considerations

Positive Impact:

• v5.0.3-5.0.4 include specific performance improvements for refresh wrapper generation
• Rolldown optimizations may speed up builds in future Vite versions
• Skip unnecessary transform hooks when possible (v5.0.2)

No regressions expected - these are incremental improvements.

---

🔒 Security Concerns

No security issues identified:

• This is a tooling dependency (devDependency) that doesn't ship to production
• Updates come from the official Vite team repository
• Dependency chain is clean with reputable sources (Babel, jridgewell utilities)
• No known CVEs in the changelog

---

🧪 Test Coverage

Recommendations:

While the dependency update itself doesn't require new tests, I recommend:

1. ✅ Run the existing test suite to ensure no regressions:

   cd frontend
   npm run lint
   npm run type-check
   npm run build

2. ✅ Test HMR locally since this plugin handles Hot Module Replacement:

   uv run python dev.py
   # Make a small change to a React component and verify hot reload works

3. ✅ Verify production build works correctly:

   cd frontend
   npm run build

---

📋 Checklist for Merge

• CI/CD pipeline passes (if configured)
• Local build test successful (npm run build)
• Type checking passes (npm run type-check)
• Linting passes (npm run lint)
• HMR works in dev mode (npm run dev)

---

💡 Recommendations

1. MERGE: This is a safe, beneficial update with bug fixes and performance improvements
2. Auto-merge Enabled: Since Renovate has automerge enabled and this is a low-risk dependency update, allowing it to auto-merge after CI passes is appropriate
3. Monitor Post-Merge: After merging, test the dev server to ensure HMR continues working as expected

---

📚 Additional Context

According to your CLAUDE.md:

• The project uses uv run python dev.py for development with HMR
• Frontend changes should auto-refresh the browser
• The frontend is React-based with TypeScript and Vite

This update aligns perfectly with your stack and should enhance the development experience.

---

✨ Summary

Recommendation: APPROVE & MERGE

This is a clean, low-risk dependency update that:

• ✅ Fixes multiple HMR-related bugs
• ✅ Improves build performance
• ✅ Maintains React 19 compatibility
• ✅ Follows semantic versioning (minor update)
• ✅ No breaking changes
• ✅ No security concerns

The changes are well-tested by the Vite team and the broader community. Automerge is appropriate for this type of update.

[claude]

Pull Request Review: Update @vitejs/plugin-react to v5.1.2

Summary

This is a Renovate-automated dependency update that upgrades @vitejs/plugin-react from 5.0.0 to 5.1.2. This is a minor version update with bug fixes and improvements.

---

✅ Code Quality & Best Practices

Excellent:

• This is an automated dependency update following semantic versioning
• The update is scoped to dev dependencies only
• All changes are in the lockfile, which is the correct approach for dependency updates
• The PR follows proper commit conventions with the chore(deps) prefix

---

🔍 Changes Analysis

What's Being Updated:

• Main package: @vitejs/plugin-react from 5.0.0 → 5.1.2
• Indirect updates to Babel packages (7.28.3 → 7.28.5)
• Updated react-refresh (0.17.0 → 0.18.0)
• Updated @rolldown/pluginutils (1.0.0-beta.30 → 1.0.0-beta.53)

Key Improvements in v5.1.2:

1. SSR HMR runtime improvements via @vitejs/plugin-react/preamble virtual module
2. Better Rolldown 1.0.0-beta.44+ support
3. Performance optimizations for HMR and refresh wrapper generation
4. Fixed HMR issues with query imports in rolldown-vite
5. Respects tsconfig jsxImportSource
6. Optimized babel-plugin-react-compiler execution

---

🐛 Potential Issues

None Identified ✓

The changes are:

• Non-breaking (minor version update)
• Well-tested by the Vite team
• Backward compatible with your current setup

---

🚀 Performance Considerations

Positive Impact:

• Performance improvements in refresh wrapper generation (#835)
• Optimized plugin transformations in rolldown-vite (#783, #881)
• Conditional skipping of babel-plugin-react-compiler when not needed (#734, #689)

These optimizations should result in faster HMR and improved development build times.

---

🔒 Security Concerns

None ✓

• This is an official Vite plugin from the Vite team
• No known security vulnerabilities in the changelog
• The PR includes automated security scanning via Trivy (configured in CI)
• Dependencies are updated to newer, more secure versions

---

🧪 Test Coverage

Excellent CI Coverage:

Your CI pipeline will automatically verify:

• ✅ Frontend type checking (npm run type-check)
• ✅ Linting (npm run lint)
• ✅ Formatting (npm run format:check)
• ✅ Production build (npm run build)
• ✅ Docker build verification
• ✅ Security scanning with Trivy

Recommendation: The automerge is enabled and appropriate here since:

1. It's a patch/minor update
2. All CI checks will run before merge
3. No breaking changes are introduced
4. The update includes fixes and improvements

---

📋 Recommendations

1. No Action Required (Approve & Merge) ✓

This update is safe to merge once CI passes. The changes are:

• Low risk (minor version bump)
• Well-documented in the changelog
• Tested by the Vite team across multiple use cases

2. Post-Merge Verification (Optional)

After merging, you may want to verify:

cd frontend
npm install
npm run dev  # Verify HMR still works correctly
npm run build  # Verify production builds work

3. Future Consideration

Consider documenting your Renovate configuration to set merge confidence thresholds if you want more conservative automerge behavior.

---

🎯 Final Verdict

APPROVED ✅

This is a well-maintained, low-risk dependency update that brings bug fixes and performance improvements without breaking changes. The automated CI pipeline provides adequate coverage, and the automerge configuration is appropriate for this type of update.

Merge Confidence: High
Risk Level: Low
Breaking Changes: None
Action: Safe to merge once CI passes

---

📚 References

• Vite Plugin React Changelog
• Renovate Merge Confidence Documentation

---

Review generated following the guidelines in CLAUDE.md

[claude]

PR Review: Update @vitejs/plugin-react to v5.1.2

Summary

This is a Renovate bot dependency update upgrading @vitejs/plugin-react from 5.0.0 to 5.1.2. The update includes several minor versions with performance improvements, bug fixes, and better Rolldown support.

---

✅ Code Quality & Best Practices

Positive:

• Clean dependency update with no breaking changes
• Follows semantic versioning (minor version bump)
• Package-lock.json properly updated with all transitive dependencies
• Renovate configured with automerge enabled for low-risk updates

Observations:

• The update moves several dependencies to peerDependencies (e.g., @babel/core, react, redux), which is correct for a plugin
• Updated @rolldown/pluginutils from 1.0.0-beta.30 to 1.0.0-beta.53
• Updated react-refresh from 0.17.0 to 0.18.0

---

🐛 Potential Issues

None identified - This is a straightforward dependency update with:

• No code changes in the repository
• Backward compatible changes only
• Well-tested upstream releases

---

⚡ Performance Considerations

Improvements included:

1. v5.0.2: Skip transform hook completely in rolldown-vite when possible
2. v5.0.3: Simplify refresh wrapper generation
3. v5.0.4: Use native refresh wrapper plugin in rolldown-vite
4. v5.1.1: Skip babel-plugin-react-compiler on annotation mode when no "use memo" directive present

Impact: These optimizations should provide slightly faster HMR (Hot Module Replacement) and build times.

---

🔒 Security Concerns

None identified:

• No security-related changes in the changelog
• Renovate bot configured to handle security updates automatically
• CI security scanning (Trivy) will run on this PR

---

🧪 Test Coverage

CI Pipeline Coverage:
The PR will trigger:

• ✅ Frontend Checks (relevant): Type checking, linting, formatting, and build
• ✅ Docker Build Test: Ensures the frontend image builds correctly
• ✅ Security Scanning: Trivy vulnerability scan
• ⚠️ Python Tests: Not affected by this frontend-only change

Recommendation: The existing CI pipeline is sufficient for validating this change. Monitor the following:

1. Frontend build completes successfully
2. Type checking passes with updated dependencies
3. No new lint warnings/errors introduced

---

📋 Specific Changes Review

Key Dependency Updates:

1. @babel/core: 7.28.3 → 7.28.5 (peer dependency)

   • Bug fixes and improved source mapping with @jridgewell/remapping@2.3.5

2. react-refresh: 0.17.0 → 0.18.0

   • Patch updates for better React 19 compatibility (project uses React 19.1.1)

3. @rolldown/pluginutils: 1.0.0-beta.30 → 1.0.0-beta.53

   • 23 beta versions of improvements (typical for pre-1.0 packages)

Notable Fixes in Plugin:

• v5.0.3: Fixed HMR for components imported with query parameters
• v5.1.0: Added @vitejs/plugin-react/preamble for SSR HMR (not used in this project yet)
• v5.1.1: Better Rolldown support with optimizeDeps.rolldownOptions

---

✅ Final Verdict

APPROVE - This is a low-risk, well-tested dependency update that:

• ✅ Includes performance improvements
• ✅ Fixes several bugs
• ✅ Has no breaking changes
• ✅ Aligns with the project's React 19 usage
• ✅ Will be validated by comprehensive CI pipeline

Recommendations:

1. Monitor CI results - Ensure all frontend checks pass
2. Test locally (optional but recommended): Run cd frontend && npm ci && npm run dev to verify HMR works correctly during development
3. Auto-merge - Since Renovate automerge is enabled and this is marked as dep:low-risk, allow it to merge automatically once CI passes

---

No action required - this is a clean dependency update ready to merge once CI validates it.

[claude]

Pull Request Review: Update @vitejs/plugin-react to v5.1.2

Summary

This is an automated dependency update from Renovate that upgrades @vitejs/plugin-react from 5.0.0 to 5.1.2. This is a low-risk dependency update that includes bug fixes and performance improvements.

Code Quality & Best Practices - APPROVED

• Automated dependency management via Renovate
• Proper semantic versioning (minor version bump)
• Lock file properly updated with no manual edits
• No breaking changes expected for minor version updates

Changes Analysis

What's Updated:

1. @vitejs/plugin-react: 5.0.0 to 5.1.2
2. Babel dependencies: Updated to latest patch versions (7.28.x)
3. @rolldown/pluginutils: Updated to support newer rolldown-vite
4. react-refresh: 0.17.0 to 0.18.0

Key Improvements:

• v5.1.2: Latest release (2025-12-08)
• v5.1.1: Support for newer rolldown-vite versions
• v5.1.0: SSR HMR improvements
• v5.0.1-5.0.4: Various performance optimizations and HMR fixes

Potential Issues - None identified

• No code changes required in the application
• Only package-lock.json modified (expected)
• Backwards compatible changes
• Well-tested upstream releases

Performance Considerations - POSITIVE IMPACT

• Better HMR (Hot Module Replacement) performance
• Optimized refresh wrapper generation
• Native refresh wrapper plugin in rolldown-vite
• Skip transform hook optimization

Security Concerns - None

• Comes from official Vite team repository
• Has high merge confidence from Renovate
• No known security vulnerabilities reported
• Regular maintenance update with broad community usage

Test Coverage Recommendation

• The change is isolated to frontend build tooling
• No application code changes required
• Consider running npm run build and npm run dev to verify build and HMR functionality

Recommendations

1. MERGE - This is a safe, low-risk update
2. Automerge eligible - Per Renovate configuration (already enabled)
3. No manual changes needed - Lock file update is complete and correct

Verdict: APPROVED FOR MERGE

This dependency update is well-maintained, thoroughly tested upstream, and includes beneficial performance improvements. The changes are isolated to build tooling with no impact on application runtime behavior.

Next Steps:

• Can be safely auto-merged via Renovate
• No action required unless HMR/build issues arise post-merge (unlikely)
• Consider updating to Node.js 20.19+ or 22.12+ in CI if using older versions (per new engine requirements)

Review performed by Claude Code following CLAUDE.md conventions

[claude]

Code Review: @vitejs/plugin-react v5.0.0 → v5.1.2

Summary

This is a low-risk dependency update from Renovate that upgrades the Vite React plugin from 5.0.0 to 5.1.2. The update includes bug fixes, performance improvements, and compatibility enhancements for newer tooling.

✅ Positive Findings

1. Backward Compatible: All changes are minor version bumps with no breaking changes

2. Performance Improvements: Several optimizations included:

   • Simplified refresh wrapper generation (#835)
   • Native refresh wrapper plugin support for rolldown-vite (#881)
   • Skip transform hook when possible in rolldown-vite (#783)
   • Optimized compilation mode to skip babel-plugin-react-compiler when no "use memo" annotation present (#734)

3. Bug Fixes:

   • Fixed HMR for components imported with queries in rolldown-vite (#872)
   • Fixed RefreshRuntime being injected twice for class components (#708)
   • Fixed reactRefreshHost option on rolldown-vite (#716)
   • Respects tsconfig jsxImportSource (#726)

4. Dependency Updates: Babel core and related packages updated to latest stable versions (7.28.x series)

5. New Feature: Added @vitejs/plugin-react/preamble virtual module for SSR HMR (#890) - won't affect this project unless you implement SSR

🔍 Review Notes

Code Quality: ✅ Auto-generated lock file changes only, no manual code changes needed

Security: ✅ No security vulnerabilities introduced. This is a maintenance update from the official Vite team

Testing: ⚠️ Recommend testing:

• HMR (hot module replacement) still works during development
• Production build completes successfully
• No console errors in dev mode

Performance: ✅ Multiple performance optimizations included, especially for dev mode

Compatibility: ✅ Node engine requirement updated to ^20.19.0 || >=22.12.0 which matches modern standards

📝 Recommendations

1. Approve and merge: This is a safe, low-risk update with clear benefits
2. Test locally (optional but recommended):
   • cd frontend && npm install
   • npm run dev to verify HMR works
   • npm run build to verify production build
3. Enable automerge: Renovate has automerge enabled, which is appropriate for low-risk dependency updates like this

🎯 Action Items

• Review passes automated checks
• Optional: Manual testing of dev and build workflows
• Merge when ready

Verdict: LGTM ✅ - Safe to merge