Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade vite from 3.1.1 to 3.2.7 #1819

Merged
merged 2 commits into from
Jun 3, 2023
Merged

[Snyk] Security upgrade vite from 3.1.1 to 3.2.7 #1819

merged 2 commits into from
Jun 3, 2023

Conversation

ChiaAutomation
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/core/package.json
    • packages/core/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Path Equivalence
SNYK-JS-VITE-5664718		 No Proof of Concept
Commit messages
Package name: vite The new version differs by 179 commits.
  • 494f36b release: v3.2.7
  • 0574f80 fix: port #13348 to v3, fs.deny with leading double slash (#13349)
  • f494760 release: v3.2.6
  • b48ac2a fix: escape msg in render restricted error html, backport (#12889) (#12892)
  • 77ee19b release: v3.2.5
  • eba9b42 chore: cherry pick more v4 bug fixes to v3 (#11189)
  • c93a526 chore: cherry pick v4 bug fix to v3 (#11110)
  • bc3b5a9 fix: relocated logger to respect config. (#10787) (#10967)
  • 970538c release: v3.2.4
  • 7f59dcf fix(ssr): skip optional peer dep resolve (v3) (#10593) (#10931)
  • 3ba45b9 fix: prevent cache on optional package resolve (v3) (#10812) (#10845)
  • d9f6dc0 release: create-vite@3.2.1
  • 836285e release: plugin-legacy@2.3.1
  • 840d640 release: plugin-vue-jsx@2.1.1
  • ce4c8d4 release: v3.2.3
  • 8ea71b4 refactor: change style.innerHTML to style.textContent (#10801)
  • 96bd10a docs: add note to use dotenv-expand (#10440) (#10798)
  • 57916a4 fix: add `@ types/node` as an optional peer dependency (#10757)
  • 1f57f84 feat: add `vite:afterUpdate` event (#9810)
  • 51ed059 perf: improve `multilineCommentsRE` regex (fix #10689) (#10751)
  • 4a392f0 test: fix ssr-vue server.js / prerender.js (#10554)
  • f199e90 perf: Use only one ps exec to find a Chromium browser opened on Mac OS (#10588)
  • c53ffec fix: transform import.meta.glob when scan JS/TS #10634 (#10635)
  • fa2e47f fix(css): url() with variable in sass/less (fixes #3644, #7651) (#10741)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@paninaro paninaro merged commit 280237a into main Jun 3, 2023
@paninaro paninaro deleted the snyk-fix-1fc7a281ead913a83e90e5360f7d9e9c branch June 3, 2023 00:45
paninaro added a commit to Chia-Network/chia-blockchain that referenced this pull request Jun 5, 2023
@paninaro
Bump chia-blockchain-gui to 60491b6c68cec864fa6169ffca77db5ca3086399
54ab261 
* add tests covering WalletService RPCs and related functions by @paninaro in Chia-Network/chia-blockchain-gui#1796
* disconnect sessions when disconnecting a WC pairing by @paninaro in Chia-Network/chia-blockchain-gui#1816
* fixed switching between keys by @seeden in Chia-Network/chia-blockchain-gui#1815
* replace isURL usage with isValidURL by @paninaro in Chia-Network/chia-blockchain-gui#1813
* small bug fixes by @seeden in Chia-Network/chia-blockchain-gui#1818
* [Snyk] Security upgrade vite from 3.1.1 to 3.2.7 by @ChiaAutomation in Chia-Network/chia-blockchain-gui#1819
* Add clawback feature to the GUI by @zsolt-dev in Chia-Network/chia-blockchain-gui#1802
* Rifeljm/#1699 verifiable credentials by @rifeljm in Chia-Network/chia-blockchain-gui#1820

**Full Changelog**: Chia-Network/chia-blockchain-gui@1.8.2-rc1...1.8.2-rc2
@paninaro paninaro mentioned this pull request Jun 5, 2023
Merged
wallentx pushed a commit to Chia-Network/chia-blockchain that referenced this pull request Jun 6, 2023
@paninaro
Bump chia-blockchain-gui to 1.8.2-rc2 (#15450)
0099379 
Bump chia-blockchain-gui to 60491b6c68cec864fa6169ffca77db5ca3086399

* add tests covering WalletService RPCs and related functions by @paninaro in Chia-Network/chia-blockchain-gui#1796
* disconnect sessions when disconnecting a WC pairing by @paninaro in Chia-Network/chia-blockchain-gui#1816
* fixed switching between keys by @seeden in Chia-Network/chia-blockchain-gui#1815
* replace isURL usage with isValidURL by @paninaro in Chia-Network/chia-blockchain-gui#1813
* small bug fixes by @seeden in Chia-Network/chia-blockchain-gui#1818
* [Snyk] Security upgrade vite from 3.1.1 to 3.2.7 by @ChiaAutomation in Chia-Network/chia-blockchain-gui#1819
* Add clawback feature to the GUI by @zsolt-dev in Chia-Network/chia-blockchain-gui#1802
* Rifeljm/#1699 verifiable credentials by @rifeljm in Chia-Network/chia-blockchain-gui#1820

**Full Changelog**: Chia-Network/chia-blockchain-gui@1.8.2-rc1...1.8.2-rc2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paninaro paninaro paninaro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ChiaAutomation @paninaro @snyk-bot