fix: update vite to >=6.4.2 to patch arbitrary file read vulnerability

Browse Source

Vite versions >=6.0.0 <=6.4.1 are vulnerable to arbitrary file read via
the Vite Dev Server WebSocket (server.fs.deny bypass with queries).

CVE: GHSA-p9ff-h696-f583

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

...

This commit is contained in:

Gandalf the Greybeard

2026-04-23 03:41:13 +00:00

parent 39ed3ea90a

commit 6dd781508d

2 changed files with 1059 additions and 644 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

pnpm-lock.yaml

Generated

+1057 -643

File diff suppressed because it is too large Load Diff