fix: upgrade Vite and update tests

[ascorbic]

Changes

Upgrades Vite to fix GHSA-vg6x-rcgg-rjx6
This is a breaking change and lots of tests were failing. This PR contains the fix, which is to ensure the host header is set.

Testing

Updates tests

Docs

[changeset-bot]

⚠️ No Changeset found

Latest commit: ec13663

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codspeed-hq]

CodSpeed Performance Report

Merging #13011 will not alter performance

_{Comparing vite-upgrade (d41fd46) with main (9ce0038)}

Summary

✅ 6 untouched benchmarks

[florian-lefebvre]

This is the fix right?

[ascorbic]

The main fix is https://github.com/withastro/astro/pull/13011/files#diff-bcbc23a62af95914bdc40a5d67195628cae5f3b4294ddf62592318323120d155R47

[Antonytm]

@ascorbic It seems that this merge breaks my usecase.

I have Astro running as astro dev in the environment with the dynamic hostname. I don't control the hostname.
After upgrading from 5.1.6 to 5.1.8 I started to get the error message: "Blocked request. This host (".............") is not allowed. To allow this host, add "................" to server.allowedHosts in vite.config.js."

Is there any way to omit the hostname check?

[ascorbic]

@Antonytm this is a change in Vite to fix a vulnerability, so not something we control directly. Take a look at the disclosure for some of the options you can use

[Antonytm]

@ascorbic
Thank you.
That is not a critical vulnerability for my use case. I will stay on 5.1.6 until a fix for astro preview. As I assume astro preview doesn't use Vite.