build: Bump vite to fix security vulnerabilities #85

Merged
gricha merged 1 commit into main from gricha/build/bump-vite-security-fix
Apr 7, 2026

@gricha (Member) commented Apr 7, 2026

Add pnpm override for vite ^7.3.2 to resolve three open Dependabot alerts, all fixed in the same vite release. This follows the same pattern as the existing rollup override.

Vite is a transitive dependency of vitest. The override pins to ^7.3.2 to stay on the 7.x line.

All tests pass (pnpm check).

Add pnpm override for vite ^7.3.2 to resolve three open GitHub
security advisories:

- GHSA-p9ff-h696-f583 (HIGH): Arbitrary file read via WebSocket
- GHSA-v2wj-q39q-566r (HIGH): server.fs.deny bypass with queries
- GHSA-4w7w-66w2-5vf9 (MODERATE): Path traversal in .map handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
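
A check that an override like the one described above actually took effect, as an added example that is not part of this PR or the project's code: it scans lockfile text for every resolved `vite` version and flags any below the 7.3.2 floor. The lockfile excerpts are constructed, and the function names and the assumption that 7.3.2 is the lowest acceptable version (taken from the PR's `^7.3.2` override) are this example's own.

```javascript
// Added example, not part of the PR. Floor taken from the PR's override (vite ^7.3.2).
const FLOOR = [7, 3, 2];

// Constructed lockfile excerpts in pnpm's "name@version" key style; not the project's real lockfile.
const LOCK_BEFORE = `
packages:
  vite@7.1.5:
    resolution: {integrity: sha512-CONSTRUCTED}
  vitest@3.2.4:
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  vite@7.1.5(@types/node@22.0.0):
    dependencies: {}
`;
const LOCK_AFTER = LOCK_BEFORE.replace(/vite@7\.1\.5/g, "vite@7.3.2");

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v);
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

function belowFloor(ver, floor) {
  for (let i = 0; i < 3; i++) {
    if (ver.nums[i] !== floor[i]) return ver.nums[i] < floor[i];
  }
  return ver.pre; // a prerelease such as 7.3.2-beta.1 sorts before 7.3.2
}

// Collect every version the lockfile resolves for `name`, ignoring peer-dependency suffixes.
function resolvedVersions(lockText, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const key = new RegExp(`^[ \\t]+['"]?/?${escaped}@([^\\s:('"]+)`, "gm");
  return [...new Set([...lockText.matchAll(key)].map((m) => m[1]))];
}

function auditLock(lockText, name = "vite", floor = FLOOR) {
  const found = resolvedVersions(lockText, name);
  // Fail closed: unparseable versions count as bad, and no entries at all
  // usually means the wrong file was scanned.
  const bad = found.filter((v) => {
    const p = parseVersion(v);
    return p === null || belowFloor(p, floor);
  });
  return { found, bad, ok: found.length > 0 && bad.length === 0 };
}

console.log("before:", auditLock(LOCK_BEFORE));
console.log("after: ", auditLock(LOCK_AFTER));
```

Because the key match requires `vite@` exactly, entries such as `vitest@…` are not counted as vite.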

vercel Bot commented Apr 7, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| dotagents | Ready | Preview, Comment | Apr 7, 2026 9:20pm |

@gricha gricha marked this pull request as ready for review April 7, 2026 21:20
@gricha gricha merged commit 3fe9ccd into main Apr 7, 2026
15 checks passed
@gricha gricha deleted the gricha/build/bump-vite-security-fix branch April 7, 2026 21:23