chore(deps-dev): bump vite-tsconfig-paths from 5.1.4 to 6.0.1

[dependabot]

Bumps vite-tsconfig-paths from 5.1.4 to 6.0.1.

Release notes

Sourced from vite-tsconfig-paths's releases.

v6.0.0

Highlights

• On-demand tsconfig discovery via projectDiscovery: "lazy", while eager discovery remains the default.
• tsconfig/jsconfig files are watched and reloaded automatically in both modes, including during vite build --watch.
• New logFile option for per-import resolution traces (pass true for vite-tsconfig-paths.log or provide a path).
• Support for root /* aliases and other absolute-style imports.
• Support for .astro files when allowJs/loose is enabled.

Fixes

• More reliable tsconfig watching and resolver refreshes: handles lazy discovery edge cases, recreates resolvers after file changes, tolerates missing directories, and copes better with virtual importers.
• Windows path handling now normalizes drive-letter casing to avoid missed matches (#183).

Upgrade notes

• Install the stable release: pnpm add -D vite-tsconfig-paths.
• Opt into lazy discovery or logging when needed:

import tsconfigPaths from 'vite-tsconfig-paths'
export default {
plugins: [
tsconfigPaths({
projectDiscovery: 'lazy',
logFile: true,
}),
],
}

• Rooted path patterns such as "/*": ["src/*"] now resolve the same way tsserver does.

v6.0.0-beta.4

• fix(windows): ensure drive letter is uppercase (#183)
• feat: add .astro to JS-like extension regex (fbbc8edb86606c612565a6672c8e0ae93f0001a0)

v6.0.0-beta.3

• Added support for /* path aliases. (#101)

v6.0.0-beta.2

• Added a new logFile option.
  Pass logFile: true and the plugin will create a vite-tsconfig-paths.log file in your working directory.

  Using DEBUG=vite-tsconfig-paths in the past has worked pretty well, but it isn't always the most readable. In v6 and above, this plugin will still have debug logs using this approach, but module resolution will only be logged through the new logFile option. The log file will be comprehensive (as in, every import that vite-tsconfig-paths receives will be logged). If an import goes unhandled by this plugin, the reason will be logged. If an import is resolved, the resolved path and the tsconfig path are both logged. In fact, every possible code path (in the context of module resolution) is logged to the log file.

• Universal support for tsconfig reloading.
  Whether you're using projectDiscovery: "lazy" or eager loading, this plugin should now be able to watch and reload tsconfig files when you make changes to them. This feature hasn't been rigorously tested yet. Please report issues you come across.

... (truncated)

Commits

• 9625d21 chore: release v6.0.1
• ea57709 fix: ensure getResolvers is never undefined
• afb6ab9 chore(docs): tweak readme
• 3951713 chore(docs): fix grammar
• 17110f1 chore: release v6.0.0
• 9a39620 chore(docs): update readme for v6
• 87890d0 chore(docs): add new section to readme
• 08677af feat(refactor): narrow the plugin type to avoid conflicts
• 5ce91a3 chore: release v6.0.0-beta.4
• 80b4c63 fix(windows): ensure drive letter is uppercase (#183)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	synapse-dev	b006a8f	Commit Preview URL Branch Preview URL	Dec 17 2025, 02:58 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​hugomrdias/​docs@​0.1.10
	expressive-code-twoslash@​0.5.3
	rehype-external-links@​3.0.0
	@​astrojs/​starlight@​0.37.1
	astro@​5.16.6
	sharp@​0.34.5
	astro-mermaid@​1.2.0
	mermaid@​11.12.2

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

• [email protected]

View full report

[rvagg]

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]

These both look like false positives to me, something about their obfuscation detection heuristic is being picked up by files in here.

https://socket.dev/npm/package/safer-buffer/files/2.1.2/safer.js
https://socket.dev/npm/package/markdown-it/files/14.1.0

[dependabot]

A newer version of vite-tsconfig-paths exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[rjan90]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[rvagg]

I'm fine with this but would like #537 first

[rjan90]

@dependabot rebase

[dependabot]

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[rjan90]

Merging since #537 has landed