Skip to content

fix: update vite to 8.0.5 to resolve high severity CVEs (CI npm audit fix)#88

Merged
kayodebristol merged 2 commits intomainfrom
copilot/fix-ci-failures-pr-83
Apr 6, 2026
Merged

fix: update vite to 8.0.5 to resolve high severity CVEs (CI npm audit fix)#88
kayodebristol merged 2 commits intomainfrom
copilot/fix-ci-failures-pr-83

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 6, 2026

Vitest 4.1.2 (introduced by the dependabot dev-deps bump) pulls in vite 8.0.3 as a transitive dependency, which carries three high-severity CVEs and breaks npm audit --audit-level=moderate in CI.

Changes

  • package-lock.json — pins vite from 8.0.38.0.5, the patched release addressing:

No source or test changes; this is a lock-file-only fix resolving the npm audit gate.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • dl.deno.land
    • Triggering command: /usr/bin/curl curl -s REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI linked an issue Apr 6, 2026 that may be closed by this pull request
@kayodebristol kayodebristol marked this pull request as ready for review April 6, 2026 19:54
Copilot AI review requested due to automatic review settings April 6, 2026 19:54
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

Agent-Logs-Url: https://github.com/plures/chronos/sessions/84770921-e74e-4b13-b164-08c3e760adb2

Co-authored-by: kayodebristol <3579196+kayodebristol@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix CI failures on PR #83 fix: update vite to 8.0.5 to resolve high severity CVEs (CI npm audit fix) Apr 6, 2026
Copilot AI requested a review from kayodebristol April 6, 2026 20:03
Copy link
Copy Markdown
Contributor

@kayodebristol kayodebristol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved: CI green + code review complete.

@kayodebristol kayodebristol merged commit f9383f9 into main Apr 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[ci-feedback] Fix CI failures on PR #83

3 participants