build(deps): bump esbuild and @quasar/app-vite

[dependabot]

Removes esbuild. It's no longer used after updating ancestor dependency @quasar/app-vite. These dependencies need to be updated together.

Removes esbuild

Updates @quasar/app-vite from 2.5.4 to 3.0.0-rc.2

Release notes

Sourced from @​quasar/app-vite's releases.

@​quasar/app-vite-v3.0.0-rc.2

Fix

• fix(app-vite): glitch in spawning SSR with Express & Koa

Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

• Becoming a sponsor on Github
• One-off donation via PayPal

@​quasar/app-vite-v3.0.0-rc.1

Bird's eye view on what's new

• ⚡ Blazing Fast Compilation: We've replaced esbuild with Rolldown for /src-* folders and completely redesigned the build architecture. Build steps are now parallelized across all Quasar modes, resulting in significantly faster speeds and a smaller footprint for your production distributables.

• ⚙️ Next-Gen Environment Management: We’ve redesigned env file management from the ground up. You will no longer need to restart the dev server when making changes to these files, and you can now use them directly within your quasar.config file too!

• 🔒 Enhanced Security & Modern Standards: We’ve migrated from process.env to the modern import.meta.env (aligning with Vite's native model) with full TypeScript support. A new security layer ensures client-side files only use a configurable prefix for env definitions, preventing potential leaks of sensitive data.

• 📦 Smarter Dependency Isolation: We now have a clear separation of dependencies for each Quasar mode. You can install mode-specific packages directly in their respective /src-* folders. For example, the default Electron app will no longer require dependencies to be installed in its dist folder—only what you explicitly install in /src-electron will be included.

• 🌍 Redesigned SSR Architecture: SSR mode now features superior support for custom web servers and proper TypeScript integration. When adding SSR, the CLI will prompt you to spawn a preconfigured /src-ssr folder using Hono, Fastify, Express, or Koa (let us know what other out-of-the-box servers you’d like!).

• 📂 New Server Assets Folder for SSR: We've introduced a /src-ssr/server-assets folder alongside helpful utility functions. This makes it incredibly easy to reference assets (like HTTPS certificates) across dev and production runtimes, eliminating the strict need for an Apache/Nginx wrapper. We've also made the serverless support a breeze.

• 🚀 Paving the Way for SSG: This new SSR architecture lays the necessary groundwork for us to finally release Static Site Generation (SSG) mode in the future.

• 🖥️ Revamped Electron Mode: We’ve added lots of new features to make desktop development smoother. Similar to SSR, we've introduced a /src-electron/electron-assets folder. Referencing files from here (or from the /public folder) is now much easier via new utility methods available in both /src-electron and /src.

• 🛣️ Vue Router: First-class support for the filename-based routing.

• 🚀 Smarter reloads (when absolutely needed): You'll notice the DX on dev has improved significantly, with even smarter heuristics when changing the quasar.config file or the dotenv files.

• 🛠️ Modernized Core: The codebase has been updated to take full advantage of Node.js v22+ features, alongside countless other small but significant improvements across all Quasar modes to boost your productivity. The CLI uses significantly less dependencies.

• ...and sooo many other new features and enhancements!

Upgrade Guide

Please refer to docs for the Upgrade Guide. Read top to bottom first. If the page does not mention @quasar/app-vite v3 then wait for your browser to update the docs PWA.

Donations

Quasar Framework is an open-source MIT-licensed project made possible due to the generous contributions by sponsors and backers. If you are interested in supporting this project, please consider the following:

• Becoming a sponsor on Github
• One-off donation via PayPal

@​quasar/app-vite-v2.6.2

Changes

• fix(app-vite): correctly resolve AE packages/scripts when installing a tagged AE, e.g. @beta suffix

... (truncated)

Commits

• 023d0df chore(app-vite;create-quasar): Bump version
• 98f64af fix(app-vite): glitch in spawning SSR with Express & Koa
• d489147 chore: update pnpm version
• 1b92124 feat: update roadmap
• a636696 feat(create-quasar): small tweak to prompts
• a87dbf4 feat(create-quasar): ensure latest ui version
• e0e8027 chore(docs): update ui version
• 34c9020 chore(app-vite): Bump version
• 475b1a4 chore(ui): Bump version
• 87071d1 chore(icongenie): Bump version
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying web with    Cloudflare Pages

Latest commit:	45a533a
Status:	🚫  Build failed.

View logs