Skip to content

Package.json: update vulnerable vite versions #32040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pharret31 merged 3 commits into from
Dec 24, 2025
Merged

Package.json: update vulnerable vite versions #32040

pharret31 merged 3 commits into from
Dec 24, 2025

Conversation

@pharret31
Copy link
Contributor

@pharret31 pharret31 commented Dec 24, 2025

No description provided.

@pharret31 pharret31 self-assigned this Dec 24, 2025
@pharret31 pharret31 added dependencies Pull requests that update a dependency file skip-cache 26_1 labels Dec 24, 2025
@pharret31 pharret31 marked this pull request as ready for review December 24, 2025 14:03
Copilot AI review requested due to automatic review settings December 24, 2025 14:03
Copilot AI reviewed Dec 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses security vulnerabilities in Vite by updating to patched versions. The changes add a pnpm override for Vite 6.x versions and update a direct dependency in the bundlers test package from Vite 5.4.19 to 5.4.21.

Key changes:

  • Adds pnpm override to force Vite 6.2.7 to upgrade to 6.4.1
  • Updates e2e/bundlers package to use Vite 5.4.21 instead of 5.4.19
  • Updates pnpm-lock.yaml with new version resolutions and dependency changes

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
package.json Adds pnpm override for vite@6.2.7 to force upgrade to ^6.4.1
e2e/bundlers/package.json Updates direct Vite dependency from 5.4.19 to 5.4.21
pnpm-lock.yaml Updates lockfile with new Vite version resolutions (6.2.7→6.4.1, 5.4.19→5.4.21), dependency snapshots, and package metadata
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Copilot AI review requested due to automatic review settings December 24, 2025 14:09
Copilot AI reviewed Dec 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Copilot AI reviewed Dec 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@pharret31 pharret31 merged commit ef05ef0 into DevExpress:26_1 Dec 24, 2025
99 checks passed
@pharret31 pharret31 deleted the 26_1_3005-tribe-duty-sprint-13-252-vite branch December 24, 2025 14:38
This was referenced Dec 24, 2025
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@anna-shakhova anna-shakhova anna-shakhova approved these changes

Assignees

@pharret31 pharret31

Labels

26_1 dependencies Pull requests that update a dependency file skip-cache

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pharret31 @anna-shakhova