fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability (#39)
Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This commit was merged in pull request #39.
This commit is contained in:
privilegedescalation-engineer[bot]
committed by
GitHub
GitHub
parent
ac3d9e87ca
commit
8e9b2c2645
+2
-1
@@ -31,7 +31,8 @@
|
||||
},
|
||||
"overrides": {
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3"
|
||||
"undici": "^7.24.3",
|
||||
"vite": ">=6.4.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@headlamp-k8s/eslint-config": "^0.6.0",
|
||||
|
||||
Generated
+843
-760
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user