v0.4.6 — Security: Vite dev server patch
What's Changed
Security
- Bumped
vite(dev dependency) from 7.3.0 to 7.3.2 — patches threeserver.fspath traversal vulnerabilities in the Vite dev server:- vitejs/vite#22159 —
server.fscheck not applied to env transport - vitejs/vite#22160 —
server.fscheck skipped when query string present - vitejs/vite#22161 — path traversal via optimize deps sourcemap handler
- vitejs/vite#22159 —
Note: These vulnerabilities only affect the Vite development server (
pnpm dev). Production builds are not affected.
Upgrading
No database migrations required. Drop-in upgrade from v0.4.5.
Full Changelog: v0.4.5...v0.4.6