fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via the Vite Dev Server WebSocket (server.fs.deny bypass with queries). CVE: GHSA-p9ff-h696-f583 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-23 03:41:13 +00:00
parent 39ed3ea90a
commit 6dd781508d
2 changed files with 1059 additions and 644 deletions
@@ -45,6 +45,7 @@
  },
  "overrides": {
    "tar": "^7.5.11",
-    "undici": "^7.24.3"
+    "undici": "^7.24.3",
+    "vite": ">=6.4.2"
  }
 }