vite 5.4.11 → 5.4.13

package/dist/client/client.mjs

@@ -500,6 +500,7 @@ const hmrPort = __HMR_PORT__;
 const socketHost = `${__HMR_HOSTNAME__ || importMetaUrl.hostname}:${hmrPort || importMetaUrl.port}${__HMR_BASE__}`;
 const directSocketHost = __HMR_DIRECT_TARGET__;
 const base = __BASE__ || "/";
+const wsToken = __WS_TOKEN__;
 let socket;
 try {
   let fallback;
@@ -532,7 +533,10 @@ Check out your Vite / network configuration and https://vite.dev/config/server-o
   console.error(`[vite] failed to connect to websocket (${error}). `);
 }
 function setupWebSocket(protocol, hostAndPath, onCloseWithoutOpen) {
-  const socket2 = new WebSocket(`${protocol}://${hostAndPath}`, "vite-hmr");
+  const socket2 = new WebSocket(
+    `${protocol}://${hostAndPath}?token=${wsToken}`,
+    "vite-hmr"
+  );
   let isOpened = false;
   socket2.addEventListener(
     "open",

package/dist/node/chunks/{dep-C6EFp3uH.js → dep-CT-NxJFJ.js}

@@ -1,4 +1,4 @@
-import { B as getDefaultExportFromCjs } from './dep-CB_7IfJ-.js';
+import { B as getDefaultExportFromCjs } from './dep-Cjmyj91f.js';
 import require$$0 from 'path';
 import require$$0__default from 'fs';
 import { l as lib } from './dep-IQS-Za7F.js';

package/dist/node/chunks/{dep-CB_7IfJ-.js → dep-Cjmyj91f.js}

@@ -6,6 +6,7 @@ import { fileURLToPath, URL as URL$3, parse as parse$h, pathToFileURL } from 'no
 import { promisify as promisify$4, format as format$2, inspect } from 'node:util';
 import { performance as performance$1 } from 'node:perf_hooks';
 import { createRequire as createRequire$1, builtinModules } from 'node:module';
+import crypto$2, { createHash as createHash$2 } from 'node:crypto';
 import require$$0$3 from 'tty';
 import require$$0$4, { win32, posix, isAbsolute, resolve as resolve$3, relative as relative$1, basename as basename$1, extname, dirname as dirname$1, join as join$1, sep as sep$1, normalize as normalize$1 } from 'path';
 import esbuild, { transform as transform$1, formatMessages, build as build$3 } from 'esbuild';
@@ -27,7 +28,6 @@ import require$$0$6 from 'stream';
 import require$$2 from 'os';
 import require$$2$1 from 'child_process';
 import os$5 from 'node:os';
-import { createHash as createHash$2 } from 'node:crypto';
 import { promises } from 'node:dns';
 import require$$3$1 from 'crypto';
 import require$$0$8, { createRequire as createRequire$2 } from 'module';
@@ -42,6 +42,7 @@ import zlib$1 from 'zlib';
 import require$$0$a from 'buffer';
 import require$$1$1 from 'https';
 import require$$4$2 from 'tls';
+import net$1 from 'node:net';
 import require$$4$3 from 'assert';
 import { gzip } from 'node:zlib';
 
@@ -36990,8 +36991,8 @@ function createCachedImport(imp) {
     return cached;
   };
 }
-const importPostcssImport = createCachedImport(() => import('./dep-C6EFp3uH.js').then(function (n) { return n.i; }));
-const importPostcssModules = createCachedImport(() => import('./dep-Ba1kN6Mp.js').then(function (n) { return n.i; }));
+const importPostcssImport = createCachedImport(() => import('./dep-CT-NxJFJ.js').then(function (n) { return n.i; }));
+const importPostcssModules = createCachedImport(() => import('./dep-Dzr4bp1s.js').then(function (n) { return n.i; }));
 const importPostcss = createCachedImport(() => import('postcss'));
 const preprocessorWorkerControllerCache = /* @__PURE__ */ new WeakMap();
 let alwaysFakeWorkerWorkerControllerCache;
@@ -47496,8 +47497,9 @@ function clientInjectionsPlugin(config) {
       const hmrTimeoutReplacement = escapeReplacement(timeout);
       const hmrEnableOverlayReplacement = escapeReplacement(overlay);
       const hmrConfigNameReplacement = escapeReplacement(hmrConfigName);
+      const wsTokenReplacement = escapeReplacement(config.webSocketToken);
       injectConfigValues = (code) => {
-        return code.replace(`__MODE__`, modeReplacement).replace(/__BASE__/g, baseReplacement).replace(`__DEFINES__`, definesReplacement).replace(`__SERVER_HOST__`, serverHostReplacement).replace(`__HMR_PROTOCOL__`, hmrProtocolReplacement).replace(`__HMR_HOSTNAME__`, hmrHostnameReplacement).replace(`__HMR_PORT__`, hmrPortReplacement).replace(`__HMR_DIRECT_TARGET__`, hmrDirectTargetReplacement).replace(`__HMR_BASE__`, hmrBaseReplacement).replace(`__HMR_TIMEOUT__`, hmrTimeoutReplacement).replace(`__HMR_ENABLE_OVERLAY__`, hmrEnableOverlayReplacement).replace(`__HMR_CONFIG_NAME__`, hmrConfigNameReplacement);
+        return code.replace(`__MODE__`, modeReplacement).replace(/__BASE__/g, baseReplacement).replace(`__DEFINES__`, definesReplacement).replace(`__SERVER_HOST__`, serverHostReplacement).replace(`__HMR_PROTOCOL__`, hmrProtocolReplacement).replace(`__HMR_HOSTNAME__`, hmrHostnameReplacement).replace(`__HMR_PORT__`, hmrPortReplacement).replace(`__HMR_DIRECT_TARGET__`, hmrDirectTargetReplacement).replace(`__HMR_BASE__`, hmrBaseReplacement).replace(`__HMR_TIMEOUT__`, hmrTimeoutReplacement).replace(`__HMR_ENABLE_OVERLAY__`, hmrEnableOverlayReplacement).replace(`__HMR_CONFIG_NAME__`, hmrConfigNameReplacement).replace(`__WS_TOKEN__`, wsTokenReplacement);
       };
     },
     async transform(code, id, options) {
@@ -59175,6 +59177,103 @@ function abortHandshakeOrEmitwsClientError(server, req, socket, code, message) {
 
 var WebSocketServerRaw_ = /*@__PURE__*/getDefaultExportFromCjs(websocketServer);
 
+const allowedHostsCache = /* @__PURE__ */ new WeakMap();
+const isFileOrExtensionProtocolRE = /^(?:file|.+-extension):/i;
+function getAdditionalAllowedHosts(resolvedServerOptions, resolvedPreviewOptions) {
+  const list = [];
+  if (typeof resolvedServerOptions.host === "string" && resolvedServerOptions.host) {
+    list.push(resolvedServerOptions.host);
+  }
+  if (typeof resolvedServerOptions.hmr === "object" && resolvedServerOptions.hmr.host) {
+    list.push(resolvedServerOptions.hmr.host);
+  }
+  if (typeof resolvedPreviewOptions.host === "string" && resolvedPreviewOptions.host) {
+    list.push(resolvedPreviewOptions.host);
+  }
+  if (resolvedServerOptions.origin) {
+    try {
+      const serverOriginUrl = new URL(resolvedServerOptions.origin);
+      list.push(serverOriginUrl.hostname);
+    } catch {
+    }
+  }
+  return list;
+}
+function isHostAllowedWithoutCache(allowedHosts, additionalAllowedHosts, host) {
+  if (isFileOrExtensionProtocolRE.test(host)) {
+    return true;
+  }
+  const trimmedHost = host.trim();
+  if (trimmedHost[0] === "[") {
+    const endIpv6 = trimmedHost.indexOf("]");
+    if (endIpv6 < 0) {
+      return false;
+    }
+    return net$1.isIP(trimmedHost.slice(1, endIpv6)) === 6;
+  }
+  const colonPos = trimmedHost.indexOf(":");
+  const hostname = colonPos === -1 ? trimmedHost : trimmedHost.slice(0, colonPos);
+  if (net$1.isIP(hostname) === 4) {
+    return true;
+  }
+  if (hostname === "localhost" || hostname.endsWith(".localhost")) {
+    return true;
+  }
+  for (const additionalAllowedHost of additionalAllowedHosts) {
+    if (additionalAllowedHost === hostname) {
+      return true;
+    }
+  }
+  for (const allowedHost of allowedHosts) {
+    if (allowedHost === hostname) {
+      return true;
+    }
+    if (allowedHost[0] === "." && (allowedHost.slice(1) === hostname || hostname.endsWith(allowedHost))) {
+      return true;
+    }
+  }
+  return false;
+}
+function isHostAllowed(config, host) {
+  if (config.server.allowedHosts === true) {
+    return true;
+  }
+  if (!allowedHostsCache.has(config)) {
+    allowedHostsCache.set(config, /* @__PURE__ */ new Set());
+  }
+  const allowedHosts = allowedHostsCache.get(config);
+  if (allowedHosts.has(host)) {
+    return true;
+  }
+  const result = isHostAllowedWithoutCache(
+    config.server.allowedHosts ?? [],
+    config.additionalAllowedHosts,
+    host
+  );
+  if (result) {
+    allowedHosts.add(host);
+  }
+  return result;
+}
+function hostCheckMiddleware(config) {
+  return function viteHostCheckMiddleware(req, res, next) {
+    const hostHeader = req.headers.host;
+    if (!hostHeader || !isHostAllowed(config, hostHeader)) {
+      const hostname = hostHeader?.replace(/:\d+$/, "");
+      const hostnameWithQuotes = JSON.stringify(hostname);
+      res.writeHead(403, {
+        "Content-Type": "text/plain"
+      });
+      res.end(
+        `Blocked request. This host (${hostnameWithQuotes}) is not allowed.
+To allow this host, add ${hostnameWithQuotes} to \`server.allowedHosts\` in vite.config.js.`
+      );
+      return;
+    }
+    return next();
+  };
+}
+
 const WebSocketServerRaw = process.versions.bun ? (
   // @ts-expect-error: Bun defines `import.meta.require`
   import.meta.require("ws").WebSocketServer
@@ -59189,6 +59288,19 @@ const wsServerEvents = [
 ];
 function noop$1() {
 }
+function hasValidToken(config, url) {
+  const token = url.searchParams.get("token");
+  if (!token) return false;
+  try {
+    const isValidToken = crypto$2.timingSafeEqual(
+      Buffer.from(token),
+      Buffer.from(config.webSocketToken)
+    );
+    return isValidToken;
+  } catch {
+  }
+  return false;
+}
 function createWebSocketServer(server, config, httpsOptions) {
   if (config.server.ws === false) {
     return {
@@ -59204,7 +59316,6 @@ function createWebSocketServer(server, config, httpsOptions) {
       send: noop$1
     };
   }
-  let wss;
   let wsHttpServer = void 0;
   const hmr = isObject$1(config.server.hmr) && config.server.hmr;
   const hmrServer = hmr && hmr.server;
@@ -59216,18 +59327,37 @@ function createWebSocketServer(server, config, httpsOptions) {
   const clientsMap = /* @__PURE__ */ new WeakMap();
   const port = hmrPort || 24678;
   const host = hmr && hmr.host || void 0;
+  const shouldHandle = (req) => {
+    const hostHeader = req.headers.host;
+    if (!hostHeader || !isHostAllowed(config, hostHeader)) {
+      return false;
+    }
+    if (config.legacy?.skipWebSocketTokenCheck) {
+      return true;
+    }
+    if (req.headers.origin) {
+      const parsedUrl = new URL(`http://example.com${req.url}`);
+      return hasValidToken(config, parsedUrl);
+    }
+    return true;
+  };
+  const handleUpgrade = (req, socket, head, _isPing) => {
+    wss.handleUpgrade(req, socket, head, (ws) => {
+      wss.emit("connection", ws, req);
+    });
+  };
+  const wss = new WebSocketServerRaw({ noServer: true });
+  wss.shouldHandle = shouldHandle;
   if (wsServer) {
     let hmrBase = config.base;
     const hmrPath = hmr ? hmr.path : void 0;
     if (hmrPath) {
       hmrBase = path$n.posix.join(hmrBase, hmrPath);
     }
-    wss = new WebSocketServerRaw({ noServer: true });
     hmrServerWsListener = (req, socket, head) => {
-      if (req.headers["sec-websocket-protocol"] === HMR_HEADER && req.url === hmrBase) {
-        wss.handleUpgrade(req, socket, head, (ws) => {
-          wss.emit("connection", ws, req);
-        });
+      const parsedUrl = new URL(`http://example.com${req.url}`);
+      if (req.headers["sec-websocket-protocol"] === HMR_HEADER && parsedUrl.pathname === hmrBase) {
+        handleUpgrade(req, socket, head);
       }
     };
     wsServer.on("upgrade", hmrServerWsListener);
@@ -59248,7 +59378,23 @@ function createWebSocketServer(server, config, httpsOptions) {
     } else {
       wsHttpServer = createServer$3(route);
     }
-    wss = new WebSocketServerRaw({ server: wsHttpServer });
+    wsHttpServer.on("upgrade", (req, socket, head) => {
+      handleUpgrade(req, socket, head);
+    });
+    wsHttpServer.on("error", (e) => {
+      if (e.code === "EADDRINUSE") {
+        config.logger.error(
+          colors$1.red(`WebSocket server error: Port is already in use`),
+          { error: e }
+        );
+      } else {
+        config.logger.error(
+          colors$1.red(`WebSocket server error:
+${e.stack || e.message}`),
+          { error: e }
+        );
+      }
+    });
   }
   wss.on("connection", (socket) => {
     socket.on("message", (raw) => {
@@ -63083,9 +63229,13 @@ async function _createServer(inlineConfig = {}, options) {
     middlewares.use(timeMiddleware(root));
   }
   const { cors } = serverConfig;
-  if (cors !== false) {
+  if (cors !== void 0 && cors !== false) {
     middlewares.use(corsMiddleware(typeof cors === "boolean" ? {} : cors));
   }
+  const { allowedHosts } = serverConfig;
+  if (allowedHosts !== true && !serverConfig.https) {
+    middlewares.use(hostCheckMiddleware(config));
+  }
   middlewares.use(cachedTransformMiddleware(server));
   const { proxy } = serverConfig;
   if (proxy) {
@@ -65943,6 +66093,7 @@ function resolvePreviewOptions(preview2, server) {
     port: preview2?.port,
     strictPort: preview2?.strictPort ?? server.strictPort,
     host: preview2?.host ?? server.host,
+    allowedHosts: preview2?.allowedHosts ?? server.allowedHosts,
     https: preview2?.https ?? server.https,
     open: preview2?.open ?? server.open,
     proxy: preview2?.proxy ?? server.proxy,
@@ -66010,9 +66161,13 @@ async function preview(inlineConfig = {}) {
     postHooks.push(await hook(server));
   }
   const { cors } = config.preview;
-  if (cors !== false) {
+  if (cors !== void 0 && cors !== false) {
     app.use(corsMiddleware(typeof cors === "boolean" ? {} : cors));
   }
+  const { allowedHosts } = config.preview;
+  if (allowedHosts !== true && !config.preview.https) {
+    app.use(hostCheckMiddleware(config));
+  }
   const { proxy } = config.preview;
   if (proxy) {
     app.use(proxyMiddleware(httpServer, proxy, config));
@@ -66329,6 +66484,7 @@ async function resolveConfig(inlineConfig, command, defaultMode = "development",
     rollupOptions: config.worker?.rollupOptions || {}
   };
   const base = withTrailingSlash(resolvedBase);
+  const preview = resolvePreviewOptions(config.preview, server);
   resolved = {
     configFile: configFile ? normalizePath$3(configFile) : void 0,
     configFileDependencies: configFileDependencies.map(
@@ -66357,7 +66513,7 @@ async function resolveConfig(inlineConfig, command, defaultMode = "development",
     },
     server,
     build: resolvedBuildOptions,
-    preview: resolvePreviewOptions(config.preview, server),
+    preview,
     envDir,
     env: {
       ...userEnv,
@@ -66387,6 +66543,13 @@ async function resolveConfig(inlineConfig, command, defaultMode = "development",
       hmrPartialAccept: false,
       ...config.experimental
     },
+    // random 72 bits (12 base64 chars)
+    // at least 64bits is recommended
+    // https://owasp.org/www-community/vulnerabilities/Insufficient_Session-ID_Length
+    webSocketToken: Buffer.from(
+      crypto$2.getRandomValues(new Uint8Array(9))
+    ).toString("base64url"),
+    additionalAllowedHosts: getAdditionalAllowedHosts(server, preview),
     getSortedPlugins: void 0,
     getSortedPluginHooks: void 0
   };

package/dist/node/chunks/{dep-Ba1kN6Mp.js → dep-Dzr4bp1s.js}

@@ -1,4 +1,4 @@
-import { C as commonjsGlobal, B as getDefaultExportFromCjs } from './dep-CB_7IfJ-.js';
+import { C as commonjsGlobal, B as getDefaultExportFromCjs } from './dep-Cjmyj91f.js';
 import require$$0__default from 'fs';
 import require$$0 from 'postcss';
 import require$$0$1 from 'path';

package/dist/node/cli.js

@@ -2,12 +2,13 @@ import path from 'node:path';
 import fs__default from 'node:fs';
 import { performance } from 'node:perf_hooks';
 import { EventEmitter } from 'events';
-import { A as colors, v as createLogger, r as resolveConfig } from './chunks/dep-CB_7IfJ-.js';
+import { A as colors, v as createLogger, r as resolveConfig } from './chunks/dep-Cjmyj91f.js';
 import { VERSION } from './constants.js';
 import 'node:fs/promises';
 import 'node:url';
 import 'node:util';
 import 'node:module';
+import 'node:crypto';
 import 'tty';
 import 'path';
 import 'esbuild';
@@ -26,7 +27,6 @@ import 'stream';
 import 'os';
 import 'child_process';
 import 'node:os';
-import 'node:crypto';
 import 'node:dns';
 import 'crypto';
 import 'module';
@@ -41,6 +41,7 @@ import 'zlib';
 import 'buffer';
 import 'https';
 import 'tls';
+import 'node:net';
 import 'assert';
 import 'node:zlib';
 
@@ -730,7 +731,7 @@ cli.command("[root]", "start dev server").alias("serve").alias("dev").option("--
   `[boolean] force the optimizer to ignore the cache and re-bundle`
 ).action(async (root, options) => {
   filterDuplicateOptions(options);
-  const { createServer } = await import('./chunks/dep-CB_7IfJ-.js').then(function (n) { return n.E; });
+  const { createServer } = await import('./chunks/dep-Cjmyj91f.js').then(function (n) { return n.E; });
   try {
     const server = await createServer({
       root,
@@ -822,7 +823,7 @@ cli.command("build [root]", "build for production").option("--target <target>",
   `[boolean] force empty outDir when it's outside of root`
 ).option("-w, --watch", `[boolean] rebuilds when modules have changed on disk`).action(async (root, options) => {
   filterDuplicateOptions(options);
-  const { build } = await import('./chunks/dep-CB_7IfJ-.js').then(function (n) { return n.F; });
+  const { build } = await import('./chunks/dep-Cjmyj91f.js').then(function (n) { return n.F; });
   const buildOptions = cleanOptions(options);
   try {
     await build({
@@ -851,7 +852,7 @@ cli.command("optimize [root]", "pre-bundle dependencies").option(
 ).action(
   async (root, options) => {
     filterDuplicateOptions(options);
-    const { optimizeDeps } = await import('./chunks/dep-CB_7IfJ-.js').then(function (n) { return n.D; });
+    const { optimizeDeps } = await import('./chunks/dep-Cjmyj91f.js').then(function (n) { return n.D; });
     try {
       const config = await resolveConfig(
         {
@@ -877,7 +878,7 @@ ${e.stack}`),
 cli.command("preview [root]", "locally preview production build").option("--host [host]", `[string] specify hostname`, { type: [convertHost] }).option("--port <port>", `[number] specify port`).option("--strictPort", `[boolean] exit if specified port is already in use`).option("--open [path]", `[boolean | string] open browser on startup`).option("--outDir <dir>", `[string] output directory (default: dist)`).action(
   async (root, options) => {
     filterDuplicateOptions(options);
-    const { preview } = await import('./chunks/dep-CB_7IfJ-.js').then(function (n) { return n.G; });
+    const { preview } = await import('./chunks/dep-Cjmyj91f.js').then(function (n) { return n.G; });
     try {
       const server = await preview({
         root,

package/dist/node/index.d.ts

@@ -669,6 +669,18 @@ interface CommonServerOptions {
      * Set to 0.0.0.0 to listen on all addresses, including LAN and public addresses.
      */
     host?: string | boolean;
+    /**
+     * The hostnames that Vite is allowed to respond to.
+     * `localhost` and subdomains under `.localhost` and all IP addresses are allowed by default.
+     * When using HTTPS, this check is skipped.
+     *
+     * If a string starts with `.`, it will allow that hostname without the `.` and all subdomains under the hostname.
+     * For example, `.example.com` will allow `example.com`, `foo.example.com`, and `foo.bar.example.com`.
+     *
+     * If set to `true`, the server is allowed to respond to requests for any hosts.
+     * This is not recommended as it will be vulnerable to DNS rebinding attacks.
+     */
+    allowedHosts?: string[] | true;
     /**
      * Enable TLS + HTTP/2.
      * Note: this downgrades to TLS only when the proxy option is also used.
@@ -704,8 +716,14 @@ interface CommonServerOptions {
     /**
      * Configure CORS for the dev server.
      * Uses https://github.com/expressjs/cors.
+     *
+     * When enabling this option, **we recommend setting a specific value
+     * rather than `true`** to avoid exposing the source code to untrusted origins.
+     *
      * Set to `true` to allow all methods from any origin, or configure separately
      * using an object.
+     *
+     * @default false
      */
     cors?: CorsOptions | boolean;
     /**
@@ -717,6 +735,12 @@ interface CommonServerOptions {
  * https://github.com/expressjs/cors#configuration-options
  */
 interface CorsOptions {
+    /**
+     * Configures the Access-Control-Allow-Origin CORS header.
+     *
+     * **We recommend setting a specific value rather than
+     * `true`** to avoid exposing the source code to untrusted origins.
+     */
     origin?: CorsOrigin | ((origin: string | undefined, cb: (err: Error, origins: CorsOrigin) => void) => void);
     methods?: string | string[];
     allowedHeaders?: string | string[];
@@ -3402,6 +3426,18 @@ interface LegacyOptions {
      * https://github.com/vitejs/vite/discussions/14697.
      */
     proxySsrExternalModules?: boolean;
+    /**
+     * In Vite 6.0.8 / 5.4.11 and below, WebSocket server was able to connect from any web pages. However,
+     * that could be exploited by a malicious web page.
+     *
+     * In Vite 6.0.9+ / 5.4.12+, the WebSocket server now requires a token to connect from a web page.
+     * But this may break some plugins and frameworks that connects to the WebSocket server
+     * on their own. Enabling this option will make Vite skip the token check.
+     *
+     * **We do not recommend enabling this option unless you are sure that you are fine with
+     * that security weakness.**
+     */
+    skipWebSocketTokenCheck?: boolean;
 }
 interface ResolvedWorkerOptions {
     format: 'es' | 'iife';
@@ -3443,6 +3479,17 @@ type ResolvedConfig = Readonly<Omit<UserConfig, 'plugins' | 'css' | 'assetsInclu
     worker: ResolvedWorkerOptions;
     appType: AppType;
     experimental: ExperimentalOptions;
+    /**
+     * The token to connect to the WebSocket server from browsers.
+     *
+     * We recommend using `import.meta.hot` rather than connecting
+     * to the WebSocket server directly.
+     * If you have a usecase that requires connecting to the WebSocket
+     * server, please create an issue so that we can discuss.
+     *
+     * @deprecated
+     */
+    webSocketToken: string;
 } & PluginHookUtils>;
 interface PluginHookUtils {
     getSortedPlugins: <K extends keyof Plugin>(hookName: K) => PluginWithRequiredHook<K>[];

package/dist/node/index.js

@@ -1,6 +1,6 @@
 export { parseAst, parseAstAsync } from 'rollup/parseAst';
-import { i as isInNodeModules, a as arraify } from './chunks/dep-CB_7IfJ-.js';
-export { b as build, g as buildErrorMessage, k as createFilter, v as createLogger, c as createServer, d as defineConfig, h as fetchModule, f as formatPostcssSourceMap, x as isFileServingAllowed, l as loadConfigFromFile, y as loadEnv, j as mergeAlias, m as mergeConfig, n as normalizePath, o as optimizeDeps, e as preprocessCSS, p as preview, r as resolveConfig, z as resolveEnvPrefix, q as rollupVersion, w as searchForWorkspaceRoot, u as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-CB_7IfJ-.js';
+import { i as isInNodeModules, a as arraify } from './chunks/dep-Cjmyj91f.js';
+export { b as build, g as buildErrorMessage, k as createFilter, v as createLogger, c as createServer, d as defineConfig, h as fetchModule, f as formatPostcssSourceMap, x as isFileServingAllowed, l as loadConfigFromFile, y as loadEnv, j as mergeAlias, m as mergeConfig, n as normalizePath, o as optimizeDeps, e as preprocessCSS, p as preview, r as resolveConfig, z as resolveEnvPrefix, q as rollupVersion, w as searchForWorkspaceRoot, u as send, s as sortUserPlugins, t as transformWithEsbuild } from './chunks/dep-Cjmyj91f.js';
 export { VERSION as version } from './constants.js';
 export { version as esbuildVersion } from 'esbuild';
 import { existsSync, readFileSync } from 'node:fs';
@@ -11,6 +11,7 @@ import 'node:url';
 import 'node:util';
 import 'node:perf_hooks';
 import 'node:module';
+import 'node:crypto';
 import 'tty';
 import 'path';
 import 'fs';
@@ -29,7 +30,6 @@ import 'stream';
 import 'os';
 import 'child_process';
 import 'node:os';
-import 'node:crypto';
 import 'node:dns';
 import 'crypto';
 import 'module';
@@ -43,6 +43,7 @@ import 'zlib';
 import 'buffer';
 import 'https';
 import 'tls';
+import 'node:net';
 import 'assert';
 import 'node:zlib';
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vite",
-  "version": "5.4.11",
+  "version": "5.4.13",
   "type": "module",
   "license": "MIT",
   "author": "Evan You",