Bump @vitejs/plugin-react-swc from 3.11.0 to 4.2.2 in /app

[dependabot]

Bumps @vitejs/plugin-react-swc from 3.11.0 to 4.2.2.

Release notes

Sourced from @​vitejs/plugin-react-swc's releases.

[email protected]

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

[email protected]

Remove generic parameter on Plugin to avoid type error with Rollup 4/Vite 5 and skipLibCheck: false.

I expect very few people to currently use this feature, but if you are extending the React plugin via api object, you can get back the typing of the hook by importing ViteReactPluginApi:

import type { Plugin } from 'vite'
import type { ViteReactPluginApi } from '@vitejs/plugin-react'
export const somePlugin: Plugin = {
name: 'some-plugin',
api: {
reactBabel: (babelConfig) => {
babelConfig.plugins.push('some-babel-plugin')
},
} satisfies ViteReactPluginApi,
}

[email protected]

Fix @vitejs/plugin-react-swc/preamble on build (#962)

[email protected]

Update peer dependency range to target Vite 5

There were no breaking change that impacted this plugin, so any combination of React plugins and Vite core version will work.

Align jsx runtime for optimized dependencies

This will only affect people using internal libraries that contains untranspiled JSX. This change aligns the optimizer with the source code and avoid issues when the published source don't have React in the scope.

Reminder: While being partially supported in Vite, publishing TS & JSX outside of internal libraries is highly discouraged.

[email protected]

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

[email protected]

• Enable retainLines to get correct line numbers for jsxDev (fix #235)

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react-swc's changelog.

4.2.2 (2025-11-12)

Update code to support newer rolldown-vite (#978)

rolldown-vite will remove optimizeDeps.rollupOptions in favor of optimizeDeps.rolldownOptions soon. This plugin now uses optimizeDeps.rolldownOptions to support newer rolldown-vite. Please update rolldown-vite to the latest version if you are using an older version.

4.2.1 (2025-11-05)

Fix @vitejs/plugin-react-swc/preamble on build (#962)

4.2.0 (2025-10-24)

Add @vitejs/plugin-react-swc/preamble virtual module for SSR HMR (#890)

SSR applications can now initialize HMR runtime by importing @vitejs/plugin-react-swc/preamble at the top of their client entry instead of manually calling transformIndexHtml. This simplifies SSR setup for applications that don't use the transformIndexHtml API.

Use SWC when useAtYourOwnRisk_mutateSwcOptions is provided (#951)

Previously, this plugin did not use SWC if plugins were not provided even if useAtYourOwnRisk_mutateSwcOptions was provided. This is now fixed.

4.1.0 (2025-09-17)

Set SWC cacheRoot options

This is set to {viteCacheDir}/swc and override the default of .swc.

Perf: simplify refresh wrapper generation (#835)

4.0.1 (2025-08-19)

Set optimizeDeps.rollupOptions.transform.jsx instead of optimizeDeps.rollupOptions.jsx for rolldown-vite (#735)

optimizeDeps.rollupOptions.jsx is going to be deprecated in favor of optimizeDeps.rollupOptions.transform.jsx.

4.0.0 (2025-08-07)

4.0.0-beta.0 (2025-07-28)

Require Node 20.19+, 22.12+

This plugin now requires Node 20.19+ or 22.12+.

Commits

• 5e600a3 release: [email protected]
• bcc7db0 chore: add changelog for #976 and #978
• 17fdcc8 fix(react-swc,react-oxc): use rolldownOptions instead of deprecated rollupOpt...
• fc76c72 chore(deps): update dependency @​types/node to v24 (#970)
• 41cb823 fix(deps): update all non-major dependencies (#968)
• 51160f3 release: [email protected]
• 0f5c8b4 chore(react-swc): add changelog (#963)
• 897a3be fix(react-swc): fix @vitejs/plugin-react-swc/preamble on build (#962)
• 9cabe27 fix(deps): update all non-major dependencies (#960)
• b5f471f chore(deps): update swc monorepo (#954)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitejs/plugin-react-swc since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[overcut-ai]

Completed Working on "Code Review"

✅ Review submitted: REQUEST_CHANGES. Total comments: 1 across 1 files.

---

👉 View complete log

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@rolldown/pluginutils	1.0.0-beta.47	Unknown	Unknown
npm/@vitejs/plugin-react-swc	4.2.2	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 2/19 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 7 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities 🟢 6 4 existing vulnerabilities detected

Scanned Files

• app/package-lock.json

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[overcut-ai]

Code review completed and review will be submitted shortly. Thank you for your patience!

[overcut-ai]

Summary

• 1 comment (MAJOR) covering the Node runtime compatibility risk introduced by this dependency bump.

Details

Upgrading @vitejs/plugin-react-swc to 4.2.2 now requires Node ^20.19.0 || >=22.12.0, but this repo still runs builds/tests on Node 18 (per the lockfile engines entry and the current CI workflow). npm ci will begin failing in CI and for every developer still on Node 18 as soon as this lands.

Next steps

• Align the project tooling with the new engine requirement (update CI to install Node ≥20.19, document the new minimum version, etc.) or pin the plugin to the latest 3.x release until the Node upgrade work is complete.

[overcut-ai]

[MAJOR]: Upgrading @vitejs/plugin-react-swc to 4.2.2 now inherits the plugin’s new engines requirement of Node ^20.19 || >=22.12 (see the engines block added for this dependency in app/package-lock.json). Our repo still targets Node 18 in docs/CI, so npm ci/npm run build will fail with EBADENGINE before tests execute. Please either keep the plugin on 3.11.0 or, preferably, bump the project to Node ≥22 (pin the CI runner via actions/setup-node, add matching .nvmrc/engines entries, and document the new requirement).

[overcut-ai]

@vitejs/[email protected] now advertises engines.node: ^20.19.0 || >=22.12.0, which is higher than what this repo currently targets (the root packages[""].engines.node entry in this lockfile is still >=18, and .github/workflows/tests.yml never installs a newer runtime—it simply runs npm ci on the runner’s default Node 18). Installing this dependency will start erroring in CI and for every developer who hasn’t moved to Node ≥20.19 yet. Please either (a) bump the project toolchain (add setup-node 20+ in workflows, update any .nvmrc/docs) before merging, or (b) pin @vitejs/plugin-react-swc to the latest 3.x release until the Node upgrade work is done.