fix(deps): update dependency @module-federation/vite to v1.16.9 - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@module-federation/vite	1.16.0 → 1.16.9

---

Release Notes

module-federation/vite (@​module-federation/vite)

v1.16.9

Compare Source

What's Changed

• fix: fix up React federation order edge case by @​gioboa in #​820
• fix: fix cyclic workspace singleton sharing by @​gioboa in #​819
• fix: use share scope in loadShare cache key to prevent cross-scope collisions by @​RalphK66 in #​822
• fix: bind acyclic workspace shared singletons eagerly when consumed by a peer (#​823) by @​MohammadYusif in #​825
• fix: rethrow failed dev remote loads by @​gioboa in #​827
• fix: reuse singleton share cache aliases by @​gioboa in #​828
• feat(ssr): support mf-manifest.json as remote entry URL by @​tonoizer in #​798
• fix: prefer installed shared version over requiredVersion (#​829) by @​dmchoi77 in #​830
• docs: update Vite getting started link by @​dmchoi77 in #​831
• docs: add announcement by @​gioboa in #​832
• fix: fix dev manifest hashed remote entry by @​gioboa in #​834
• fix: await host init in dev for bridge SSR hydration entries by @​tonoizer in #​835
• fix: normalize trailing slash shares by @​gioboa in #​837
• fix(ssr): initialize host before Vue and remote entries by @​tonoizer in #​839

New Contributors

• @​MohammadYusif made their first contribution in #​825
• @​dmchoi77 made their first contribution in #​830

Full Changelog: module-federation/vite@1.16.8...1.16.9

v1.16.8

Compare Source

What's Changed

• fix: improve hostInit browsers support by @​DanBeckDev in #​814
• fix: solve optimizeDeps clash by @​gioboa in #​815
• fix: Correct the HMR plugin name for @​vitejs/plugin-react-swc by @​truongnguyen-eh in #​816

New Contributors

• @​truongnguyen-eh made their first contribution in #​816

Full Changelog: module-federation/vite@1.16.7...1.16.8

v1.16.7

Compare Source

What's Changed

• fix: allow additional whitespace in preload-helper regex by @​niklas2810 in #​803
• fix: fix dev remote proxy exports by @​gioboa in #​808
• fix(manifest): advertise types archive url in mf-manifest by @​giorgiPapava in #​809
• fix: order shared dependency preload by @​gioboa in #​807
• fix: reduce host bootstrap waterfall with modulepreload by @​jgodi in #​810
• chore: reduce latency by @​gioboa in #​804

New Contributors

• @​niklas2810 made their first contribution in #​803
• @​giorgiPapava made their first contribution in #​809
• @​jgodi made their first contribution in #​810

Full Changelog: module-federation/vite@1.16.6...1.16.7

v1.16.6

Compare Source

What's Changed

• chore: replace pathe with node:path by @​gioboa in #​795
• chore: replace estree-walker with local walker by @​gioboa in #​796
• chore: remove es-module-lexer dependency safely by @​gioboa in #​797
• fix: framework-agnostic remote exports, deferred loaded-first, and unified SSR gates by @​tonoizer in #​742
• fix: fix up React HMR by @​gioboa in #​799
• fix: avoid duplicate react with redux in dev mode by @​gioboa in #​800

Full Changelog: module-federation/vite@1.16.5...1.16.6

v1.16.5

Compare Source

What's Changed

• fix: fix Vue loaded-first static imports by @​gioboa in #​789
• fix: respect entryFileNames directory for bootstrap file output by @​pcfreak30 in #​786
• fix: await nested remote static imports by @​gioboa in #​790
• fix: add missing manifest additionalData by @​gioboa in #​791
• chore: drop CJS build preserving compatibility by @​gioboa in #​793

Full Changelog: module-federation/vite@1.16.4...1.16.5

v1.16.4

Compare Source

What's Changed

• fix: detect enum and destructuring exports when scanning shared named… by @​francesc79 in #​781
• fix: fix up Nuxt dev bootstrap loop by @​gioboa in #​782
• chore: bump es-module-lexer by @​gioboa in #​783

Full Changelog: module-federation/vite@1.16.3...1.16.4

v1.16.3

Compare Source

What's Changed

• fix: walk static-import graph when collecting expose async assets by @​DanBeckDev in #​771
• fix: detect shared named exports from configured import source by @​majashryer9 in #​772
• perf: materialize each shared source's loadShare artifacts at most once by @​falldowngoboone in #​765
• fix: use public federation runtime names by @​gioboa in #​773
• chore: update @​vitejs/plugin-react in examples and migrate to react compiler by @​smeng9 in #​761
• fix: isolate __vite_preload helper into its own chunk to break shared-singleton loadShare deadlock by @​falldowngoboone in #​766
• fix: use explicit shared subpath fallback by @​gioboa in #​774
• fix: handle cached shared subpath optimization by @​gioboa in #​775
• chore: lock dependency versions by @​gioboa in #​776
• chore: bump mfe deps 🍿 by @​gioboa in #​777

New Contributors

• @​DanBeckDev made their first contribution in #​771
• @​majashryer9 made their first contribution in #​772

Full Changelog: module-federation/vite@1.16.2...1.16.3

v1.16.2

Compare Source

What's Changed

• fix: fix shared cache version keys by @​gioboa in #​758
• fix: fix Vue sharing and assets by @​gioboa in #​757
• fix: fix duplicate named remote helper by @​gioboa in #​759

Full Changelog: module-federation/vite@1.16.1...1.16.2

v1.16.1

Compare Source

What's Changed

• fix: avoid resolving aliases as packages by @​gioboa in #​747
• fix: content-hash bootstrap entry asset by @​cschroeter in #​751
• test: use Playwright Docker image for E2E by @​gioboa in #​752
• fix: improve shared runtime isolation by @​gioboa in #​748

New Contributors

• @​cschroeter made their first contribution in #​751

Full Changelog: module-federation/vite@1.16.0...1.16.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

---

Note

Medium Risk
Touches the module-federation layer behind unstable workbench dev/build; no code changes but federation behavior changes could affect remote loading and shared deps in workbench apps.

Overview
Bumps @module-federation/vite in @sanity/workbench-cli from 1.16.0 to 1.16.9, with matching pnpm-lock.yaml updates (transitive @module-federation/* 2.5.0 → 2.5.1, ws 8.18.0 → 8.21.0). Adds a patch changeset for @sanity/workbench-cli.

No application source changes—only dependency resolution. The upgrade pulls in upstream fixes around React/Vite dev federation, shared singleton/workspace sharing, remote load errors, and SSR/host init behavior that affect how the experimental workbench Vite stack runs.

^{Reviewed by Cursor Bugbot for commit fd89505. Bugbot is set up for automated code reviews on this repo. Configure here.}

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

<--- Last few GCs --->

[931:0x2ba90000]   119706 ms: Scavenge (interleaved) 1482.4 (1492.8) -> 1481.3 (1497.1) MB, pooled: 0 MB, 40.41 / 0.00 ms  (average mu = 0.352, current mu = 0.368) task; 
[931:0x2ba90000]   122597 ms: Mark-Compact (reduce) 1486.2 (1498.6) -> 1481.4 (1490.8) MB, pooled: 0 MB, 1159.06 / 0.11 ms  (+ 898.8 ms in 91 steps since start of marking, biggest step 23.7 ms, walltime since start of marking 2405 ms) (average mu = 0.360,
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x744ae8 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/24.17.0/bin/node]
 2: 0xc1a6f0  [/opt/containerbase/tools/node/24.17.0/bin/node]
 3: 0xc1a7df  [/opt/containerbase/tools/node/24.17.0/bin/node]
 4: 0xebdfe5  [/opt/containerbase/tools/node/24.17.0/bin/node]
 5: 0xebe012  [/opt/containerbase/tools/node/24.17.0/bin/node]
 6: 0xebe30a  [/opt/containerbase/tools/node/24.17.0/bin/node]
 7: 0xecf00a  [/opt/containerbase/tools/node/24.17.0/bin/node]
 8: 0xed33b0  [/opt/containerbase/tools/node/24.17.0/bin/node]
 9: 0x1965811  [/opt/containerbase/tools/node/24.17.0/bin/node]
/usr/local/bin/node: line 18:   931 Aborted                 /opt/containerbase/tools/node/24.17.0/bin/node "$@"

[github-actions]

📦 Bundle Stats — @sanity/cli

Compared against main (721638c5)

@sanity/cli

Metric	Value	vs main (721638c)
Internal (raw)	2.7 KB	-
Internal (gzip)	1.0 KB	-
Bundled (raw)	11.16 MB	-
Bundled (gzip)	2.10 MB	-
Import time	874ms	+3ms, +0.4%

bin:sanity

Metric	Value	vs main (721638c)
Internal (raw)	782 B	-
Internal (gzip)	423 B	-
Bundled (raw)	9.87 MB	-
Bundled (gzip)	1.78 MB	-
Import time	2.31s	+23ms, +1.0%

🗺️ View treemap · Artifacts

Details

• Import time regressions over 10% are flagged with ⚠️
• Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.

📦 Bundle Stats — @sanity/cli-core

Compared against main (721638c5)

Metric	Value	vs main (721638c)
Internal (raw)	106.7 KB	-
Internal (gzip)	26.7 KB	-
Bundled (raw)	21.72 MB	-
Bundled (gzip)	3.46 MB	-
Import time	779ms	-3ms, -0.4%

🗺️ View treemap · Artifacts

Details

• Import time regressions over 10% are flagged with ⚠️
• Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.

📦 Bundle Stats — create-sanity

Compared against main (721638c5)

Metric	Value	vs main (721638c)
Internal (raw)	908 B	-
Internal (gzip)	483 B	-
Bundled (raw)	931 B	-
Bundled (gzip)	491 B	-
Import time	❌ ChildProcess denied: node	-

Details

• Import time regressions over 10% are flagged with ⚠️
• Sizes shown as raw / gzip 🗜️. Internal bytes = own code only. Total bytes = with all dependencies. Import time = Node.js cold-start median.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​module-federation/​vite@​1.16.0 ⏵ 1.16.9	+3			+1

View full report

[github-actions]

Coverage Delta

No covered files changed in this PR.

Overall Coverage

Metric	Coverage
Statements	74.2% (±0%)
Branches	64.2% (±0%)
Functions	69.0% (±0%)
Lines	74.8% (±0%)

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.