Skip to content

Update dependency vite to v7.3.2 [SECURITY]#919

Merged
renovate[bot] merged 1 commit intodevelopfrom
renovate/npm-vite-vulnerability
Apr 6, 2026
Merged

Update dependency vite to v7.3.2 [SECURITY]#919
renovate[bot] merged 1 commit intodevelopfrom
renovate/npm-vite-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 6, 2026

This PR contains the following updates:

Package Change Age Confidence
vite (source) 7.3.17.3.2 age confidence

GitHub Vulnerability Alerts

GHSA-v2wj-q39q-566r

Summary

The contents of files that are specified by server.fs.deny can be returned to the browser.

Impact

Only apps that match the following conditions are affected:

Details

On the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended.

PoC

  1. Start the dev server: pnpm exec vite root --host 127.0.0.1 --port 5175 --strictPort
  2. Confirm that server.fs.deny is enforced (expect 403): curl -i http://127.0.0.1:5175/src/.env | head -n 20
    image
  3. Confirm that the same files can be retrieved with query parameters (expect 200):
    image

Release Notes

vitejs/vite (vite)

v7.3.2

Compare Source

Please refer to CHANGELOG.md for details.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot enabled auto-merge (squash) April 6, 2026 21:53
@renovate renovate Bot merged commit 6fa00a3 into develop Apr 6, 2026
7 of 8 checks passed
@renovate renovate Bot deleted the renovate/npm-vite-vulnerability branch April 6, 2026 21:55
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 6, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.38%. Comparing base (34bcdad) to head (5ee2b0d).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop     #919   +/-   ##
========================================
  Coverage    97.38%   97.38%           
========================================
  Files          405      405           
  Lines         6627     6627           
  Branches       877      877           
========================================
  Hits          6454     6454           
  Misses          88       88           
  Partials        85       85

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants